From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 01/34] x86/bugs: Relocate mds/taa/mmio/rfds defines
Date: Thu, 12 Sep 2024 14:08:24 -0500
Message-ID: <20240912190857.235849-2-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Move the mds, taa, mmio, and
rfds mitigation enums earlier in the file to prepare for restructuring of these mitigations as they are all inter-related. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 60 ++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d1915427b4ff..ee89e6676107 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -243,6 +243,37 @@ static const char * const mds_strings[] =3D { [MDS_MITIGATION_VMWERV] =3D "Vulnerable: Clear CPU buffers attempted, no = microcode", }; =20 +enum taa_mitigations { + TAA_MITIGATION_OFF, + TAA_MITIGATION_UCODE_NEEDED, + TAA_MITIGATION_VERW, + TAA_MITIGATION_TSX_DISABLED, +}; + +/* Default mitigation for TAA-affected CPUs */ +static enum taa_mitigations taa_mitigation __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_= OFF; + +enum mmio_mitigations { + MMIO_MITIGATION_OFF, + MMIO_MITIGATION_UCODE_NEEDED, + MMIO_MITIGATION_VERW, +}; + +/* Default mitigation for Processor MMIO Stale Data vulnerabilities */ +static enum mmio_mitigations mmio_mitigation __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MM= IO_MITIGATION_OFF; + +enum rfds_mitigations { + RFDS_MITIGATION_OFF, + RFDS_MITIGATION_VERW, + RFDS_MITIGATION_UCODE_NEEDED, +}; + +/* Default mitigation for Register File Data Sampling */ +static enum rfds_mitigations rfds_mitigation __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATI= ON_OFF; + static void __init mds_select_mitigation(void) { if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) { 
@@ -286,16 +317,6 @@ early_param("mds", mds_cmdline); #undef pr_fmt #define pr_fmt(fmt) "TAA: " fmt =20 -enum taa_mitigations { - TAA_MITIGATION_OFF, - TAA_MITIGATION_UCODE_NEEDED, - TAA_MITIGATION_VERW, - TAA_MITIGATION_TSX_DISABLED, -}; - -/* Default mitigation for TAA-affected CPUs */ -static enum taa_mitigations taa_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_= OFF; static bool taa_nosmt __ro_after_init; =20 static const char * const taa_strings[] =3D { @@ -386,15 +407,6 @@ early_param("tsx_async_abort", tsx_async_abort_parse_c= mdline); #undef pr_fmt #define pr_fmt(fmt) "MMIO Stale Data: " fmt =20 -enum mmio_mitigations { - MMIO_MITIGATION_OFF, - MMIO_MITIGATION_UCODE_NEEDED, - MMIO_MITIGATION_VERW, -}; - -/* Default mitigation for Processor MMIO Stale Data vulnerabilities */ -static enum mmio_mitigations mmio_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MM= IO_MITIGATION_OFF; static bool mmio_nosmt __ro_after_init =3D false; =20 static const char * const mmio_strings[] =3D { 
@@ -483,16 +495,6 @@ early_param("mmio_stale_data", mmio_stale_data_parse_c= mdline); #undef pr_fmt #define pr_fmt(fmt) "Register File Data Sampling: " fmt =20 -enum rfds_mitigations { - RFDS_MITIGATION_OFF, - RFDS_MITIGATION_VERW, - RFDS_MITIGATION_UCODE_NEEDED, -}; - -/* Default mitigation for Register File Data Sampling */ -static enum rfds_mitigations rfds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATI= ON_OFF; - static const char * const rfds_strings[] =3D { [RFDS_MITIGATION_OFF] =3D "Vulnerable", [RFDS_MITIGATION_VERW] =3D "Mitigation: Clear Register File", --=20 2.34.1
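
Review bot: the block added by the first hunk (@@ -243,6 +243,37 @@) lands between mds_strings[] and mds_select_mitigation(), so the TAA, MMIO and RFDS enums and their __ro_after_init defaults now sit in the MDS part of the file, above each section's own "#define pr_fmt", and nothing in the code says why. The commit message gives the reason (the mitigations are inter-related); a one-line comment above "enum taa_mitigations" stating that would keep the grouping from looking accidental to someone reading bugs.c without the changelog.
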

From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 02/34] x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds
Date: Thu, 12 Sep 2024 14:08:25 -0500
Message-ID: <20240912190857.235849-3-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Add AUTO mitigations for
mds/taa/mmio/rfds to create consistent vulnerability handling. These AUTO mitigations will be turned into the appropriate default mitigations in the _select_mitigation() functions. In a later patch, these will be used with the new attack vector controls to help select appropriate mitigations. Signed-off-by: David Kaplan --- arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/cpu/bugs.c | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/proces= sor.h index 399f7d1c4c61..187805f7db3f 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -739,6 +739,7 @@ extern enum l1tf_mitigations l1tf_mitigation; =20 enum mds_mitigations { MDS_MITIGATION_OFF, + MDS_MITIGATION_AUTO, MDS_MITIGATION_FULL, MDS_MITIGATION_VMWERV, }; diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index ee89e6676107..1cf5a8edec53 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -234,7 +234,7 @@ static void x86_amd_ssb_disable(void) =20 /* Default mitigation for MDS-affected CPUs */ static enum mds_mitigations mds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_FULL : MDS_MITIGATION_= OFF; + IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_= OFF; static bool mds_nosmt __ro_after_init =3D false; =20 static const char * const mds_strings[] =3D { @@ -245,6 +245,7 @@ static const char * const mds_strings[] =3D { =20 enum taa_mitigations { TAA_MITIGATION_OFF, + TAA_MITIGATION_AUTO, TAA_MITIGATION_UCODE_NEEDED, TAA_MITIGATION_VERW, TAA_MITIGATION_TSX_DISABLED, 
@@ -252,27 +253,29 @@ enum taa_mitigations { =20 /* Default mitigation for TAA-affected CPUs */ static enum taa_mitigations taa_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_= OFF; + IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_AUTO : TAA_MITIGATION_= OFF; =20 enum mmio_mitigations { MMIO_MITIGATION_OFF, + MMIO_MITIGATION_AUTO, MMIO_MITIGATION_UCODE_NEEDED, MMIO_MITIGATION_VERW, }; =20 /* Default mitigation for Processor MMIO Stale Data vulnerabilities */ static enum mmio_mitigations mmio_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MM= IO_MITIGATION_OFF; + IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_AUTO : MM= IO_MITIGATION_OFF; =20 enum rfds_mitigations { RFDS_MITIGATION_OFF, + RFDS_MITIGATION_AUTO, RFDS_MITIGATION_VERW, RFDS_MITIGATION_UCODE_NEEDED, }; =20 /* Default mitigation for Register File Data Sampling */ static enum rfds_mitigations rfds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATI= ON_OFF; + IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_AUTO : RFDS_MITIGATI= ON_OFF; =20 static void __init mds_select_mitigation(void) { @@ -281,6 +284,9 @@ static void __init mds_select_mitigation(void) return; } =20 + if (mds_mitigation =3D=3D MDS_MITIGATION_AUTO) + mds_mitigation =3D MDS_MITIGATION_FULL; + if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) mds_mitigation =3D MDS_MITIGATION_VMWERV; @@ -1965,6 +1971,7 @@ void cpu_bugs_smt_update(void) update_mds_branch_idle(); break; case MDS_MITIGATION_OFF: + case MDS_MITIGATION_AUTO: break; } =20 @@ -1976,6 +1983,7 @@ void cpu_bugs_smt_update(void) break; case TAA_MITIGATION_TSX_DISABLED: case TAA_MITIGATION_OFF: + case TAA_MITIGATION_AUTO: break; } =20 
@@ -1986,6 +1994,7 @@ void cpu_bugs_smt_update(void) pr_warn_once(MMIO_MSG_SMT); break; case MMIO_MITIGATION_OFF: + case MMIO_MITIGATION_AUTO: break; } =20 --=20 2.34.1
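
Review bot: only mds_select_mitigation() (hunk @@ -281,6 +284,9 @@) converts AUTO into a concrete mitigation, while the defaults for taa_mitigation, mmio_mitigation and rfds_mitigation are switched from VERW to AUTO in the same patch with no matching conversion in any hunk here. Unless the existing taa/mmio/rfds select functions already cope with the new value, a kernel built at this commit can leave those three in AUTO, which cpu_bugs_smt_update() now treats the same as OFF, and none of the hunks adds an AUTO entry to the *_strings[] tables. For bisectability, either add the equivalent of "if (taa_mitigation == TAA_MITIGATION_AUTO) taa_mitigation = TAA_MITIGATION_VERW;" to each select function in this patch, or change each default to AUTO in the later patch that restructures that mitigation.
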

From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 03/34] x86/bugs: Restructure mds mitigation
Date: Thu, 12 Sep 2024 14:08:26 -0500
Message-ID: <20240912190857.235849-4-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Restructure mds mitigation
selection to use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 58 ++++++++++++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 1cf5a8edec53..0bdd4e5b8fc1 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -34,6 +34,25 @@ =20 #include "cpu.h" =20 +/* + * Speculation Vulnerability Handling + * + * Each vulnerability is handled with the following functions: + * _select_mitigation() -- Selects a mitigation to use. This shou= ld + * take into account all relevant command line + * options. + * _update_mitigation() -- This is called after all vulnerabilitie= s have + * selected a mitigation, in case the selection + * may want to change based on other choices + * made. This function is optional. + * _apply_mitigation() -- Enable the selected mitigation. + * + * The compile-time mitigation in all cases should be AUTO. An explicit + * command-line option can override AUTO. If no such option is + * provided, _select_mitigation() will override AUTO to the best + * mitigation option. + */ + static void __init spectre_v1_select_mitigation(void); static void __init spectre_v2_select_mitigation(void); static void __init retbleed_select_mitigation(void); @@ -41,6 +60,8 @@ static void __init spectre_v2_user_select_mitigation(void= ); static void __init ssb_select_mitigation(void); static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); +static void __init mds_update_mitigation(void); +static void __init mds_apply_mitigation(void); static void __init md_clear_update_mitigation(void); static void __init md_clear_select_mitigation(void); static void __init taa_select_mitigation(void); 
@@ -165,6 +186,7 @@ void __init cpu_select_mitigations(void) spectre_v2_user_select_mitigation(); ssb_select_mitigation(); l1tf_select_mitigation(); + mds_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -175,6 +197,14 @@ void __init cpu_select_mitigations(void) */ srso_select_mitigation(); gds_select_mitigation(); + + /* + * After mitigations are selected, some may need to update their + * choices. + */ + mds_update_mitigation(); + + mds_apply_mitigation(); } =20 /* @@ -229,9 +259,6 @@ static void x86_amd_ssb_disable(void) wrmsrl(MSR_AMD64_LS_CFG, msrval); } =20 -#undef pr_fmt -#define pr_fmt(fmt) "MDS: " fmt - /* Default mitigation for MDS-affected CPUs */ static enum mds_mitigations mds_mitigation __ro_after_init =3D IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_= OFF; @@ -290,9 +317,31 @@ static void __init mds_select_mitigation(void) if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) mds_mitigation =3D MDS_MITIGATION_VMWERV; + } +} + +static void __init mds_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_MDS)) + return; + + /* If TAA, MMIO, or RFDS are being mitigated, MDS gets mitigated too. */ + if (taa_mitigation !=3D TAA_MITIGATION_OFF || + mmio_mitigation !=3D MMIO_MITIGATION_OFF || + rfds_mitigation !=3D RFDS_MITIGATION_OFF) { + if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) + mds_mitigation =3D MDS_MITIGATION_FULL; + else + mds_mitigation =3D MDS_MITIGATION_VMWERV; + } =20 - setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); + pr_info("MDS: %s\n", mds_strings[mds_mitigation]); +} =20 +static void __init mds_apply_mitigation(void) +{ + if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) && (mds_nosmt || cpu_mitigations_auto_nosmt())) cpu_smt_disable(false); 
@@ -592,7 +641,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - mds_select_mitigation(); taa_select_mitigation(); mmio_select_mitigation(); rfds_select_mitigation(); --=20 2.34.1
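Review bot: In the first hunk, the new header comment states "The compile-time mitigation in all cases should be AUTO", which does not match the default shown later in this same patch, where mds_mitigation is initialised to MDS_MITIGATION_OFF when CONFIG_MITIGATION_MDS is not enabled. Suggest wording it as "AUTO when the mitigation's config option is enabled, OFF otherwise". The comment should also state the ordering that cpu_select_mitigations() now implements, namely that the update step runs only after every select step has finished and before any apply step, since the update functions read the other vulnerabilities' choices.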
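Review bot: In the hunk at -229, dropping the `#define pr_fmt(fmt) "MDS: " fmt` override means only the new pr_info() in mds_update_mitigation(), which spells out "MDS: " itself, keeps the prefix. Any other pr_*() call in the MDS code that follows this point now prints with whatever pr_fmt was in effect earlier in the file. Please confirm there is no such call, or give it an explicit prefix in this patch.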
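Review bot: In the hunk at -290, mds_apply_mitigation() tests only `mds_mitigation == MDS_MITIGATION_FULL`, so the MDS_MITIGATION_VMWERV state no longer reaches setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF) or the cpu_smt_disable() check. In the code being replaced, the downgrade to VMWERV happened inside the FULL block and execution continued to both calls, so a CPU without X86_FEATURE_MD_CLEAR still had the buffer-clear capability forced and still honoured mds_nosmt. Now both mds_select_mitigation() and mds_update_mitigation() can leave the state at VMWERV, and apply then does nothing. If that is not intended, the condition should cover both states, for example `if (mds_mitigation == MDS_MITIGATION_FULL || mds_mitigation == MDS_MITIGATION_VMWERV)`. If it is intended, the commit message needs to say so, because it currently describes the change as a restructure only.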
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 04/34] x86/bugs: Restructure taa mitigation
Date: Thu, 12 Sep 2024 14:08:27 -0500
Message-ID: <20240912190857.235849-5-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Restructure taa mitigation to
use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 56 +++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0bdd4e5b8fc1..3c0a0890d382 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -65,6 +65,8 @@ static void __init mds_apply_mitigation(void); static void __init md_clear_update_mitigation(void); static void __init md_clear_select_mitigation(void); static void __init taa_select_mitigation(void); +static void __init taa_update_mitigation(void); +static void __init taa_apply_mitigation(void); static void __init mmio_select_mitigation(void); static void __init srbds_select_mitigation(void); static void __init l1d_flush_select_mitigation(void); @@ -187,6 +189,7 @@ void __init cpu_select_mitigations(void) ssb_select_mitigation(); l1tf_select_mitigation(); mds_select_mitigation(); + taa_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -203,8 +206,10 @@ void __init cpu_select_mitigations(void) * choices. */ mds_update_mitigation(); + taa_update_mitigation(); =20 mds_apply_mitigation(); + taa_apply_mitigation(); } =20 /* @@ -369,9 +374,6 @@ static int __init mds_cmdline(char *str) } early_param("mds", mds_cmdline); =20 -#undef pr_fmt -#define pr_fmt(fmt) "TAA: " fmt - static bool taa_nosmt __ro_after_init; =20 static const char * const taa_strings[] =3D { 
@@ -402,11 +404,13 @@ static void __init taa_select_mitigation(void) /* * TAA mitigation via VERW is turned off if both * tsx_async_abort=3Doff and mds=3Doff are specified. + * + * mds mitigation will be checked in taa_update_mitigation() */ - if (taa_mitigation =3D=3D TAA_MITIGATION_OFF && - mds_mitigation =3D=3D MDS_MITIGATION_OFF) + if (taa_mitigation =3D=3D TAA_MITIGATION_OFF) return; =20 + /* This handles the AUTO case. */ if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) taa_mitigation =3D TAA_MITIGATION_VERW; else 
@@ -425,17 +429,38 @@ static void __init taa_select_mitigation(void) !(x86_arch_cap_msr & ARCH_CAP_TSX_CTRL_MSR)) taa_mitigation =3D TAA_MITIGATION_UCODE_NEEDED; =20 - /* - * TSX is enabled, select alternate mitigation for TAA which is - * the same as MDS. Enable MDS static branch to clear CPU buffers. - * - * For guests that can't determine whether the correct microcode is - * present on host, enable the mitigation for UCODE_NEEDED as well. - */ - setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); +} + +static void __init taa_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_TAA)) + return; + + if (mds_mitigation !=3D MDS_MITIGATION_OFF || + mmio_mitigation !=3D MMIO_MITIGATION_OFF || + rfds_mitigation !=3D RFDS_MITIGATION_OFF) + taa_mitigation =3D TAA_MITIGATION_VERW; + + pr_info("TAA: %s\n", taa_strings[taa_mitigation]); +} + +static void __init taa_apply_mitigation(void) +{ + if (taa_mitigation =3D=3D TAA_MITIGATION_VERW || + taa_mitigation =3D=3D TAA_MITIGATION_UCODE_NEEDED) { + /* + * TSX is enabled, select alternate mitigation for TAA which is + * the same as MDS. Enable MDS static branch to clear CPU buffers. + * + * For guests that can't determine whether the correct microcode is + * present on host, enable the mitigation for UCODE_NEEDED as well. + */ + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); + + if (taa_nosmt || cpu_mitigations_auto_nosmt()) + cpu_smt_disable(false); + } =20 - if (taa_nosmt || cpu_mitigations_auto_nosmt()) - cpu_smt_disable(false); } =20 static int __init tsx_async_abort_parse_cmdline(char *str) 
@@ -641,7 +666,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - taa_select_mitigation(); mmio_select_mitigation(); rfds_select_mitigation(); =20 --=20 2.34.1
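Review bot: In the hunk at -402, the retained comment in taa_select_mitigation() still says the VERW mitigation is turned off only when both tsx_async_abort=off and mds=off are given, but the early return below it now tests taa_mitigation alone, and taa_update_mitigation() turns TAA back on based on mmio_mitigation and rfds_mitigation as well as mds_mitigation. Suggest making this comment describe what the function now does (return when TAA itself is off) and moving the cross-vulnerability rule, with all three dependencies listed, into a comment on taa_update_mitigation().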
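Review bot: In the hunk at -425, taa_update_mitigation() assigns TAA_MITIGATION_VERW whenever mds, mmio or rfds is not OFF, which overwrites a TAA_MITIGATION_UCODE_NEEDED value that taa_select_mitigation() set just above. The pr_info() that follows then reports the VERW string on a system that select has just classified as needing microcode. Suggest promoting only from OFF, along the lines of `if (taa_mitigation == TAA_MITIGATION_OFF && (...))`, or otherwise preserving UCODE_NEEDED; taa_apply_mitigation() already handles both states identically, so nothing is lost on the apply side. Style: the hunk leaves a blank line directly before the closing brace of both taa_select_mitigation() and taa_apply_mitigation().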
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 05/34] x86/bugs: Restructure mmio mitigation
Date: Thu, 12 Sep 2024 14:08:28 -0500
Message-ID: <20240912190857.235849-6-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Restructure mmio mitigation to
use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 60 ++++++++++++++++++++++++++------------ 1 file changed, 41 insertions(+), 19 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 3c0a0890d382..0b93a0f030b7 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -68,6 +68,8 @@ static void __init taa_select_mitigation(void); static void __init taa_update_mitigation(void); static void __init taa_apply_mitigation(void); static void __init mmio_select_mitigation(void); +static void __init mmio_update_mitigation(void); +static void __init mmio_apply_mitigation(void); static void __init srbds_select_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); @@ -190,6 +192,7 @@ void __init cpu_select_mitigations(void) l1tf_select_mitigation(); mds_select_mitigation(); taa_select_mitigation(); + mmio_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -207,9 +210,11 @@ void __init cpu_select_mitigations(void) */ mds_update_mitigation(); taa_update_mitigation(); + mmio_update_mitigation(); =20 mds_apply_mitigation(); taa_apply_mitigation(); + mmio_apply_mitigation(); } =20 /* @@ -484,9 +489,6 @@ static int __init tsx_async_abort_parse_cmdline(char *s= tr) } early_param("tsx_async_abort", tsx_async_abort_parse_cmdline); =20 -#undef pr_fmt -#define pr_fmt(fmt) "MMIO Stale Data: " fmt - static bool mmio_nosmt __ro_after_init =3D false; =20 static const char * const mmio_strings[] =3D { 
@@ -504,6 +506,42 @@ static void __init mmio_select_mitigation(void) return; } =20 + if (mmio_mitigation =3D=3D MMIO_MITIGATION_OFF) + return; + + /* + * Check if the system has the right microcode. + * + * CPU Fill buffer clear mitigation is enumerated by either an explicit + * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS + * affected systems. + */ + if ((x86_arch_cap_msr & ARCH_CAP_FB_CLEAR) || + (boot_cpu_has(X86_FEATURE_MD_CLEAR) && + boot_cpu_has(X86_FEATURE_FLUSH_L1D) && + !(x86_arch_cap_msr & ARCH_CAP_MDS_NO))) + mmio_mitigation =3D MMIO_MITIGATION_VERW; + else + mmio_mitigation =3D MMIO_MITIGATION_UCODE_NEEDED; +} + +static void __init mmio_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) + return; + + if (mds_mitigation !=3D MDS_MITIGATION_OFF || + taa_mitigation !=3D TAA_MITIGATION_OFF || + rfds_mitigation !=3D RFDS_MITIGATION_OFF) + mmio_mitigation =3D MMIO_MITIGATION_VERW; + + pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]); + if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) + pr_info("MMIO Stale Data: Unknown: No mitigations\n"); +} + +static void __init mmio_apply_mitigation(void) +{ if (mmio_mitigation =3D=3D MMIO_MITIGATION_OFF) return; =20 @@ -532,21 +570,6 @@ static void __init mmio_select_mitigation(void) if (!(x86_arch_cap_msr & ARCH_CAP_FBSDP_NO)) static_branch_enable(&mds_idle_clear); =20 - /* - * Check if the system has the right microcode. - * - * CPU Fill buffer clear mitigation is enumerated by either an explicit - * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS - * affected systems. - */ - if ((x86_arch_cap_msr & ARCH_CAP_FB_CLEAR) || - (boot_cpu_has(X86_FEATURE_MD_CLEAR) && - boot_cpu_has(X86_FEATURE_FLUSH_L1D) && - !(x86_arch_cap_msr & ARCH_CAP_MDS_NO))) - mmio_mitigation =3D MMIO_MITIGATION_VERW; - else - mmio_mitigation =3D MMIO_MITIGATION_UCODE_NEEDED; - if (mmio_nosmt || cpu_mitigations_auto_nosmt()) cpu_smt_disable(false); } 
@@ -666,7 +689,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - mmio_select_mitigation(); rfds_select_mitigation(); =20 /* --=20 2.34.1
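Review bot: In the hunk at -504, the X86_BUG_MMIO_UNKNOWN check in mmio_update_mitigation() sits after the early return on `!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)`, so "Unknown: No mitigations" can only be printed on a CPU that has the stale-data bug set, and then it appears in addition to the status line printed just before it. If the message is meant for CPUs whose status is unknown rather than known-affected, the check has to move ahead of the early return and skip the status line. Separately, the unconditional `mmio_mitigation = MMIO_MITIGATION_VERW` in the same function discards the MMIO_MITIGATION_UCODE_NEEDED result that mmio_select_mitigation() computes from the microcode check added in this hunk, so the log would report VERW where select found the microcode missing; promoting only from OFF would keep that information.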
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 06/34] x86/bugs: Restructure rfds mitigation
Date: Thu, 12 Sep 2024 14:08:29 -0500
Message-ID: <20240912190857.235849-7-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Restructure rfds mitigation to
use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0b93a0f030b7..d3e6ce7238e4 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -70,6 +70,9 @@ static void __init taa_apply_mitigation(void); static void __init mmio_select_mitigation(void); static void __init mmio_update_mitigation(void); static void __init mmio_apply_mitigation(void); +static void __init rfds_select_mitigation(void); +static void __init rfds_update_mitigation(void); +static void __init rfds_apply_mitigation(void); static void __init srbds_select_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); @@ -193,6 +196,7 @@ void __init cpu_select_mitigations(void) mds_select_mitigation(); taa_select_mitigation(); mmio_select_mitigation(); + rfds_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -211,10 +215,12 @@ void __init cpu_select_mitigations(void) mds_update_mitigation(); taa_update_mitigation(); mmio_update_mitigation(); + rfds_update_mitigation(); =20 mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); + rfds_apply_mitigation(); } =20 /* @@ -595,9 +601,6 @@ static int __init mmio_stale_data_parse_cmdline(char *s= tr) } early_param("mmio_stale_data", mmio_stale_data_parse_cmdline); =20 -#undef pr_fmt -#define pr_fmt(fmt) "Register File Data Sampling: " fmt - static const char * const rfds_strings[] =3D { [RFDS_MITIGATION_OFF] =3D "Vulnerable", [RFDS_MITIGATION_VERW] =3D "Mitigation: Clear Register File", 
@@ -613,12 +616,34 @@ static void __init rfds_select_mitigation(void) if (rfds_mitigation =3D=3D RFDS_MITIGATION_OFF) return; =20 - if (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR) - setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); - else + if (rfds_mitigation =3D=3D RFDS_MITIGATION_AUTO) + rfds_mitigation =3D RFDS_MITIGATION_VERW; + + if (!(x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR)) rfds_mitigation =3D RFDS_MITIGATION_UCODE_NEEDED; } =20 +static void __init rfds_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_RFDS)) + return; + + if (mds_mitigation !=3D MDS_MITIGATION_OFF || + taa_mitigation !=3D TAA_MITIGATION_OFF || + mmio_mitigation !=3D MMIO_MITIGATION_OFF) + rfds_mitigation =3D RFDS_MITIGATION_VERW; + + pr_info("Register File Data Sampling: %s\n", rfds_strings[rfds_mitigation= ]); +} + +static void __init rfds_apply_mitigation(void) +{ + if (rfds_mitigation =3D=3D RFDS_MITIGATION_VERW) { + if (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR) + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); + } +} + static __init int rfds_parse_cmdline(char *str) { if (!str) 
@@ -689,7 +714,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - rfds_select_mitigation(); =20 /* * As these mitigations are inter-related and rely on VERW instruction --=20 2.34.1
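Review bot: rfds_update_mitigation() (hunk at -613) prints rfds_strings[rfds_mitigation] right after forcing RFDS_MITIGATION_VERW, but rfds_apply_mitigation() only sets X86_FEATURE_CLEAR_CPU_BUF when ARCH_CAP_RFDS_CLEAR is present, so on a part without that capability the log can read "Mitigation: Clear Register File" even though rfds_select_mitigation() had already classified it as RFDS_MITIGATION_UCODE_NEEDED. Suggest testing ARCH_CAP_RFDS_CLEAR before the override, or otherwise preserving UCODE_NEEDED through the update step, so the reported state and the applied state agree. Also, RFDS_MITIGATION_AUTO is compared in rfds_select_mitigation() but no hunk in this patch adds it to the enum or to rfds_strings[]; if an earlier patch in the series does not define it, this one does not build on its own, and the commit message should mention the new state the way patch 08 does for SRBDS.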
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 07/34] x86/bugs: Remove md_clear_*_mitigation()
Date: Thu, 12 Sep 2024 14:08:30 -0500
Message-ID: <20240912190857.235849-8-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

The functionality in
md_clear_update_mitigation() and md_clear_select_mitigation() is now integrated into the select/update functions for the MDS, TAA, MMIO, and RFDS vulnerabilities. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 65 -------------------------------------- 1 file changed, 65 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d3e6ce7238e4..df41572c5d10 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -62,8 +62,6 @@ static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); static void __init mds_update_mitigation(void); static void __init mds_apply_mitigation(void); -static void __init md_clear_update_mitigation(void); -static void __init md_clear_select_mitigation(void); static void __init taa_select_mitigation(void); static void __init taa_update_mitigation(void); static void __init taa_apply_mitigation(void); @@ -197,7 +195,6 @@ void __init cpu_select_mitigations(void) taa_select_mitigation(); mmio_select_mitigation(); rfds_select_mitigation(); - md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); =20 
@@ -661,68 +658,6 @@ static __init int rfds_parse_cmdline(char *str) } early_param("reg_file_data_sampling", rfds_parse_cmdline); =20 -#undef pr_fmt -#define pr_fmt(fmt) "" fmt - -static void __init md_clear_update_mitigation(void) -{ - if (cpu_mitigations_off()) - return; - - if (!boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF)) - goto out; - - /* - * X86_FEATURE_CLEAR_CPU_BUF is now enabled. Update MDS, TAA and MMIO - * Stale Data mitigation, if necessary. - */ - if (mds_mitigation =3D=3D MDS_MITIGATION_OFF && - boot_cpu_has_bug(X86_BUG_MDS)) { - mds_mitigation =3D MDS_MITIGATION_FULL; - mds_select_mitigation(); - } - if (taa_mitigation =3D=3D TAA_MITIGATION_OFF && - boot_cpu_has_bug(X86_BUG_TAA)) { - taa_mitigation =3D TAA_MITIGATION_VERW; - taa_select_mitigation(); - } - /* - * MMIO_MITIGATION_OFF is not checked here so that mmio_stale_data_clear - * gets updated correctly as per X86_FEATURE_CLEAR_CPU_BUF state. - */ - if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) { - mmio_mitigation =3D MMIO_MITIGATION_VERW; - mmio_select_mitigation(); - } - if (rfds_mitigation =3D=3D RFDS_MITIGATION_OFF && - boot_cpu_has_bug(X86_BUG_RFDS)) { - rfds_mitigation =3D RFDS_MITIGATION_VERW; - rfds_select_mitigation(); - } -out: - if (boot_cpu_has_bug(X86_BUG_MDS)) - pr_info("MDS: %s\n", mds_strings[mds_mitigation]); - if (boot_cpu_has_bug(X86_BUG_TAA)) - pr_info("TAA: %s\n", taa_strings[taa_mitigation]); - if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) - pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]); - else if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) - pr_info("MMIO Stale Data: Unknown: No mitigations\n"); - if (boot_cpu_has_bug(X86_BUG_RFDS)) - pr_info("Register File Data Sampling: %s\n", rfds_strings[rfds_mitigatio= n]); -} - -static void __init md_clear_select_mitigation(void) -{ - - /* - * As these mitigations are inter-related and rely on VERW instruction - * to clear the microarchitural buffers, update and print their status - * after mitigation selection is done 
for each of these vulnerabilities. - */ - md_clear_update_mitigation(); -} - #undef pr_fmt #define pr_fmt(fmt) "SRBDS: " fmt =20 --=20 2.34.1
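Review bot: The removed md_clear_update_mitigation() (hunk at -661) began with an early return on cpu_mitigations_off(), and the mmio_update_mitigation() and rfds_update_mitigation() functions shown in patches 05 and 06 have no equivalent check before their pr_info() calls, so status lines that used to be skipped with mitigations off are now printed; if that is intended, the commit message should say so. The deletion also drops the comments that explain why these states are coupled (the "inter-related and rely on VERW instruction" block and the remark on why MMIO_MITIGATION_OFF is not checked); suggest carrying that rationale over to the *_update_mitigation() functions, since the coupling still exists there.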
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 08/34] x86/bugs: Restructure srbds mitigation
Date: Thu, 12 Sep 2024 14:08:31 -0500
Message-ID: <20240912190857.235849-9-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Restructure srbds to use
select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for SRBDS. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index df41572c5d10..0fb97b94f5b9 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -72,6 +72,7 @@ static void __init rfds_select_mitigation(void); static void __init rfds_update_mitigation(void); static void __init rfds_apply_mitigation(void); static void __init srbds_select_mitigation(void); +static void __init srbds_apply_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); static void __init gds_select_mitigation(void); @@ -218,6 +219,7 @@ void __init cpu_select_mitigations(void) taa_apply_mitigation(); mmio_apply_mitigation(); rfds_apply_mitigation(); + srbds_apply_mitigation(); } =20 /* @@ -663,6 +665,7 @@ early_param("reg_file_data_sampling", rfds_parse_cmdlin= e); =20 enum srbds_mitigations { SRBDS_MITIGATION_OFF, + SRBDS_MITIGATION_AUTO, SRBDS_MITIGATION_UCODE_NEEDED, SRBDS_MITIGATION_FULL, SRBDS_MITIGATION_TSX_OFF, @@ -670,7 +673,7 @@ enum srbds_mitigations { }; =20 static enum srbds_mitigations srbds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_SRBDS) ? SRBDS_MITIGATION_FULL : SRBDS_MITIG= ATION_OFF; + IS_ENABLED(CONFIG_MITIGATION_SRBDS) ? SRBDS_MITIGATION_AUTO : SRBDS_MITIG= ATION_OFF; =20 static const char * const srbds_strings[] =3D { [SRBDS_MITIGATION_OFF] =3D "Vulnerable", @@ -724,6 +727,9 @@ static void __init srbds_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_SRBDS)) return; =20 + if (srbds_mitigation =3D=3D SRBDS_MITIGATION_AUTO) + srbds_mitigation =3D SRBDS_MITIGATION_FULL; + /* * Check to see if this is one of the MDS_NO systems supporting TSX that * are only exposed to SRBDS when TSX is enabled or when CPU is affected 
@@ -738,6 +744,12 @@ static void __init srbds_select_mitigation(void) srbds_mitigation =3D SRBDS_MITIGATION_UCODE_NEEDED; else if (cpu_mitigations_off() || srbds_off) srbds_mitigation =3D SRBDS_MITIGATION_OFF; +} + +static void __init srbds_apply_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_SRBDS)) + return; =20 update_srbds_msr(); pr_info("%s\n", srbds_strings[srbds_mitigation]); --=20 2.34.1
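Review bot: SRBDS_MITIGATION_AUTO is added to enum srbds_mitigations and becomes the default, but no hunk adds an [SRBDS_MITIGATION_AUTO] entry to srbds_strings[], and in srbds_select_mitigation() the AUTO to FULL conversion sits after the !boot_cpu_has_bug(X86_BUG_SRBDS) early return. On an unaffected CPU the variable therefore stays at AUTO, and any code that later indexes srbds_strings[] with it reads an empty slot. srbds_apply_mitigation() repeats the bug check, so its own pr_info() is safe, but please either add a string for AUTO or state in the changelog which readers of srbds_mitigation are guaranteed never to see that value. The changelog says only "Define new AUTO mitigation"; one sentence on what AUTO means for SRBDS and when it is resolved would help.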
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 09/34] x86/bugs: Restructure gds mitigation
Date: Thu, 12 Sep 2024 14:08:32 -0500
Message-ID: <20240912190857.235849-10-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>

Restructure gds mitigation to
use select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for gds. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0fb97b94f5b9..7fee5c3de135 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -76,6 +76,7 @@ static void __init srbds_apply_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); static void __init gds_select_mitigation(void); +static void __init gds_apply_mitigation(void); =20 /* The base value of the SPEC_CTRL MSR without task-specific bits set */ u64 x86_spec_ctrl_base; @@ -220,6 +221,7 @@ void __init cpu_select_mitigations(void) mmio_apply_mitigation(); rfds_apply_mitigation(); srbds_apply_mitigation(); + gds_apply_mitigation(); } =20 /* @@ -801,6 +803,7 @@ early_param("l1d_flush", l1d_flush_parse_cmdline); =20 enum gds_mitigations { GDS_MITIGATION_OFF, + GDS_MITIGATION_AUTO, GDS_MITIGATION_UCODE_NEEDED, GDS_MITIGATION_FORCE, GDS_MITIGATION_FULL, @@ -809,7 +812,7 @@ enum gds_mitigations { }; =20 static enum gds_mitigations gds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_GDS) ? GDS_MITIGATION_FULL : GDS_MITIGATION_= OFF; + IS_ENABLED(CONFIG_MITIGATION_GDS) ? GDS_MITIGATION_AUTO : GDS_MITIGATION_= OFF; =20 static const char * const gds_strings[] =3D { [GDS_MITIGATION_OFF] =3D "Vulnerable", @@ -850,6 +853,7 @@ void update_gds_msr(void) case GDS_MITIGATION_FORCE: case GDS_MITIGATION_UCODE_NEEDED: case GDS_MITIGATION_HYPERVISOR: + case GDS_MITIGATION_AUTO: return; } =20 
@@ -873,13 +877,16 @@ static void __init gds_select_mitigation(void) =20 if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { gds_mitigation =3D GDS_MITIGATION_HYPERVISOR; - goto out; + return; } =20 if (cpu_mitigations_off()) gds_mitigation =3D GDS_MITIGATION_OFF; /* Will verify below that mitigation _can_ be disabled */ =20 + if (gds_mitigation =3D=3D GDS_MITIGATION_AUTO) + gds_mitigation =3D GDS_MITIGATION_FULL; + /* No microcode */ if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL)) { if (gds_mitigation =3D=3D GDS_MITIGATION_FORCE) { @@ -892,7 +899,7 @@ static void __init gds_select_mitigation(void) } else { gds_mitigation =3D GDS_MITIGATION_UCODE_NEEDED; } - goto out; + return; } =20 /* Microcode has mitigation, use it */ 
@@ -914,8 +921,14 @@ static void __init gds_select_mitigation(void) gds_mitigation =3D GDS_MITIGATION_FULL_LOCKED; } =20 +} + +static void __init gds_apply_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_GDS)) + return; + update_gds_msr(); -out: pr_info("%s\n", gds_strings[gds_mitigation]); } =20 --=20 2.34.1
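Review bot: with the out: label removed from gds_select_mitigation(), the hypervisor and no-microcode paths, which used to jump past update_gds_msr() straight to the pr_info(), now reach update_gds_msr() through gds_apply_mitigation(). That is equivalent only because the switch in update_gds_msr() returns early for GDS_MITIGATION_HYPERVISOR, GDS_MITIGATION_UCODE_NEEDED and GDS_MITIGATION_FORCE; a short comment in gds_apply_mitigation() saying so would stop a later change to that switch from silently changing behaviour on those systems. Two smaller points: the last hunk leaves an empty line directly before the new closing brace of gds_select_mitigation(), and no hunk adds a [GDS_MITIGATION_AUTO] entry to gds_strings[] although AUTO is now the default value.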
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 10/34] x86/bugs: Restructure spectre_v1 mitigation
Date: Thu, 12 Sep 2024 14:08:33 -0500
Message-ID: <20240912190857.235849-11-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>

Restructure spectre_v1 to use
select/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 7fee5c3de135..ab49205ebb15 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -54,6 +54,7 @@ */ =20 static void __init spectre_v1_select_mitigation(void); +static void __init spectre_v1_apply_mitigation(void); static void __init spectre_v2_select_mitigation(void); static void __init retbleed_select_mitigation(void); static void __init spectre_v2_user_select_mitigation(void); @@ -216,6 +217,7 @@ void __init cpu_select_mitigations(void) mmio_update_mitigation(); rfds_update_mitigation(); =20 + spectre_v1_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); 
@@ -989,11 +991,12 @@ static bool smap_works_speculatively(void) =20 static void __init spectre_v1_select_mitigation(void) { - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) { + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) spectre_v1_mitigation =3D SPECTRE_V1_MITIGATION_NONE; - return; - } +} =20 +static void __init spectre_v1_apply_mitigation(void) +{ if (spectre_v1_mitigation =3D=3D SPECTRE_V1_MITIGATION_AUTO) { /* * With Spectre v1, a user can speculatively control either --=20 2.34.1
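Review bot: spectre_v1_apply_mitigation() has no boot_cpu_has_bug(X86_BUG_SPECTRE_V1) guard, unlike srbds_apply_mitigation() and gds_apply_mitigation() earlier in the series. The old code returned from spectre_v1_select_mitigation() right after setting SPECTRE_V1_MITIGATION_NONE, so nothing after the AUTO block ran on unaffected CPUs or with mitigations off; after the split, whatever follows the AUTO block in the apply function runs in those cases as well. If that is intended, the changelog should say so, since it currently describes the patch as a pure restructure; otherwise open the apply function with the same early return the other apply functions use.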
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 11/34] x86/bugs: Restructure retbleed mitigation
Date: Thu, 12 Sep 2024 14:08:34 -0500
Message-ID: <20240912190857.235849-12-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>

Restructure retbleed mitigation
to use select/update/apply functions to create consistent vulnerability handling. The retbleed_update_mitigation() simplifies the dependency between spectre_v2 and retbleed. The command line options now directly select a preferred mitigation which simplifies the logic. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 168 ++++++++++++++++--------------------- 1 file changed, 73 insertions(+), 95 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index ab49205ebb15..13143854ca42 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -57,6 +57,8 @@ static void __init spectre_v1_select_mitigation(void); static void __init spectre_v1_apply_mitigation(void); static void __init spectre_v2_select_mitigation(void); static void __init retbleed_select_mitigation(void); +static void __init retbleed_update_mitigation(void); +static void __init retbleed_apply_mitigation(void); static void __init spectre_v2_user_select_mitigation(void); static void __init ssb_select_mitigation(void); static void __init l1tf_select_mitigation(void); @@ -180,11 +182,6 @@ void __init cpu_select_mitigations(void) /* Select the proper CPU mitigations before patching alternatives: */ spectre_v1_select_mitigation(); spectre_v2_select_mitigation(); - /* - * retbleed_select_mitigation() relies on the state set by - * spectre_v2_select_mitigation(); specifically it wants to know about - * spectre_v2=3Dibrs. - */ retbleed_select_mitigation(); /* * spectre_v2_user_select_mitigation() relies on the state set by @@ -212,12 +209,14 @@ void __init cpu_select_mitigations(void) * After mitigations are selected, some may need to update their * choices. */ + retbleed_update_mitigation(); mds_update_mitigation(); taa_update_mitigation(); mmio_update_mitigation(); rfds_update_mitigation(); =20 spectre_v1_apply_mitigation(); + retbleed_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); 
@@ -1050,6 +1049,7 @@ enum spectre_v2_mitigation spectre_v2_enabled __ro_af= ter_init =3D SPECTRE_V2_NONE; =20 enum retbleed_mitigation { RETBLEED_MITIGATION_NONE, + RETBLEED_MITIGATION_AUTO, RETBLEED_MITIGATION_UNRET, RETBLEED_MITIGATION_IBPB, RETBLEED_MITIGATION_IBRS, @@ -1057,14 +1057,6 @@ enum retbleed_mitigation { RETBLEED_MITIGATION_STUFF, }; =20 -enum retbleed_mitigation_cmd { - RETBLEED_CMD_OFF, - RETBLEED_CMD_AUTO, - RETBLEED_CMD_UNRET, - RETBLEED_CMD_IBPB, - RETBLEED_CMD_STUFF, -}; - static const char * const retbleed_strings[] =3D { [RETBLEED_MITIGATION_NONE] =3D "Vulnerable", [RETBLEED_MITIGATION_UNRET] =3D "Mitigation: untrained return thunk", @@ -1075,9 +1067,7 @@ static const char * const retbleed_strings[] =3D { }; =20 static enum retbleed_mitigation retbleed_mitigation __ro_after_init =3D - RETBLEED_MITIGATION_NONE; -static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_RETBLEED) ? RETBLEED_CMD_AUTO : RETBLEED_CMD= _OFF; + IS_ENABLED(CONFIG_MITIGATION_RETBLEED) ? RETBLEED_MITIGATION_AUTO : RETBL= EED_MITIGATION_NONE; =20 static int __ro_after_init retbleed_nosmt =3D false; =20 @@ -1094,15 +1084,15 @@ static int __init retbleed_parse_cmdline(char *str) } =20 if (!strcmp(str, "off")) { - retbleed_cmd =3D RETBLEED_CMD_OFF; + retbleed_mitigation =3D RETBLEED_MITIGATION_NONE; } else if (!strcmp(str, "auto")) { - retbleed_cmd =3D RETBLEED_CMD_AUTO; + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; } else if (!strcmp(str, "unret")) { - retbleed_cmd =3D RETBLEED_CMD_UNRET; + retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; } else if (!strcmp(str, "ibpb")) { - retbleed_cmd =3D RETBLEED_CMD_IBPB; + retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; } else if (!strcmp(str, "stuff")) { - retbleed_cmd =3D RETBLEED_CMD_STUFF; + retbleed_mitigation =3D RETBLEED_MITIGATION_STUFF; } else if (!strcmp(str, "nosmt")) { retbleed_nosmt =3D true; } else if (!strcmp(str, "force")) { 
@@ -1123,53 +1113,38 @@ early_param("retbleed", retbleed_parse_cmdline); =20 static void __init retbleed_select_mitigation(void) { - bool mitigate_smt =3D false; - if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off()) return; =20 - switch (retbleed_cmd) { - case RETBLEED_CMD_OFF: - return; - - case RETBLEED_CMD_UNRET: - if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) { - retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; - } else { + switch (retbleed_mitigation) { + case RETBLEED_MITIGATION_UNRET: + if (!IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) { + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; pr_err("WARNING: kernel not compiled with MITIGATION_UNRET_ENTRY.\n"); - goto do_cmd_auto; } break; - - case RETBLEED_CMD_IBPB: - if (!boot_cpu_has(X86_FEATURE_IBPB)) { - pr_err("WARNING: CPU does not support IBPB.\n"); - goto do_cmd_auto; - } else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { - retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; - } else { - pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); - goto do_cmd_auto; + case RETBLEED_MITIGATION_IBPB: + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB) { + if (!boot_cpu_has(X86_FEATURE_IBPB)) { + pr_err("WARNING: CPU does not support IBPB.\n"); + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; + } else if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; + } } break; - - case RETBLEED_CMD_STUFF: - if (IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) && - spectre_v2_enabled =3D=3D SPECTRE_V2_RETPOLINE) { - retbleed_mitigation =3D RETBLEED_MITIGATION_STUFF; - - } else { - if (IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING)) - pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n"= ); - else - pr_err("WARNING: kernel not compiled with MITIGATION_CALL_DEPTH_TRACKI= NG.\n"); - - goto do_cmd_auto; + case RETBLEED_MITIGATION_STUFF: + if 
(!IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING)) { + pr_err("WARNING: kernel not compiled with MITIGATION_CALL_DEPTH_TRACKIN= G.\n"); + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; } break; + default: + break; + } =20 -do_cmd_auto: - case RETBLEED_CMD_AUTO: + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_AUTO) { if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON) { if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) 
@@ -1178,16 +1153,50 @@ static void __init retbleed_select_mitigation(void) boot_cpu_has(X86_FEATURE_IBPB)) retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; } + } +} =20 - /* - * The Intel mitigation (IBRS or eIBRS) was already selected in - * spectre_v2_select_mitigation(). 'retbleed_mitigation' will - * be set accordingly below. - */ +static void __init retbleed_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_RETBLEED)) + return; + /* + * Let IBRS trump all on Intel without affecting the effects of the + * retbleed=3D cmdline option except for call depth based stuffing + */ + if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { + switch (spectre_v2_enabled) { + case SPECTRE_V2_IBRS: + retbleed_mitigation =3D RETBLEED_MITIGATION_IBRS; + break; + case SPECTRE_V2_EIBRS: + case SPECTRE_V2_EIBRS_RETPOLINE: + case SPECTRE_V2_EIBRS_LFENCE: + retbleed_mitigation =3D RETBLEED_MITIGATION_EIBRS; + break; + default: + if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF) + pr_err(RETBLEED_INTEL_MSG); + } + } =20 - break; + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_STUFF) { + if (spectre_v2_enabled !=3D SPECTRE_V2_RETPOLINE) { + pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n"); + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; + /* Try again */ + retbleed_select_mitigation(); + } } =20 + pr_info("%s\n", retbleed_strings[retbleed_mitigation]); +} + + +static void __init retbleed_apply_mitigation(void) +{ + bool mitigate_smt =3D false; + switch (retbleed_mitigation) { case RETBLEED_MITIGATION_UNRET: setup_force_cpu_cap(X86_FEATURE_RETHUNK); 
@@ -1223,27 +1232,6 @@ static void __init retbleed_select_mitigation(void) (retbleed_nosmt || cpu_mitigations_auto_nosmt())) cpu_smt_disable(false); =20 - /* - * Let IBRS trump all on Intel without affecting the effects of the - * retbleed=3D cmdline option except for call depth based stuffing - */ - if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { - switch (spectre_v2_enabled) { - case SPECTRE_V2_IBRS: - retbleed_mitigation =3D RETBLEED_MITIGATION_IBRS; - break; - case SPECTRE_V2_EIBRS: - case SPECTRE_V2_EIBRS_RETPOLINE: - case SPECTRE_V2_EIBRS_LFENCE: - retbleed_mitigation =3D RETBLEED_MITIGATION_EIBRS; - break; - default: - if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF) - pr_err(RETBLEED_INTEL_MSG); - } - } - - pr_info("%s\n", retbleed_strings[retbleed_mitigation]); } =20 #undef pr_fmt @@ -1796,16 +1784,6 @@ static void __init spectre_v2_select_mitigation(void) break; } =20 - if (IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY) && - boot_cpu_has_bug(X86_BUG_RETBLEED) && - retbleed_cmd !=3D RETBLEED_CMD_OFF && - retbleed_cmd !=3D RETBLEED_CMD_STUFF && - boot_cpu_has(X86_FEATURE_IBRS) && - boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { - mode =3D SPECTRE_V2_IBRS; - break; - } - mode =3D spectre_v2_select_retpoline(); break; =20 
@@ -1948,7 +1926,7 @@ static void __init spectre_v2_select_mitigation(void) (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON)) { =20 - if (retbleed_cmd !=3D RETBLEED_CMD_IBPB) { + if (retbleed_mitigation !=3D RETBLEED_MITIGATION_IBPB) { setup_force_cpu_cap(X86_FEATURE_USE_IBPB_FW); pr_info("Enabling Speculation Barrier for firmware calls\n"); } --=20 2.34.1
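Review bot: In the @@ -1123,53 +1113,38 @@ hunk, the new case RETBLEED_MITIGATION_IBPB wraps its body in "if (retbleed_mitigation == RETBLEED_MITIGATION_IBPB)", which is always true inside that case label. Drop the inner test and keep the two checks (X86_FEATURE_IBPB, CONFIG_MITIGATION_IBPB_ENTRY) directly under the case, matching the shape of the UNRET and STUFF cases next to it.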
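Review bot: retbleed_update_mitigation() in the @@ -1178,16 +1153,50 @@ hunk can reach pr_info("%s\n", retbleed_strings[retbleed_mitigation]) with retbleed_mitigation still equal to RETBLEED_MITIGATION_AUTO, and no hunk in this patch adds a retbleed_strings[] entry for AUTO. The default is now AUTO, retbleed_select_mitigation() returns early on cpu_mitigations_off() without resetting it, and the AUTO block only assigns a value for AMD/Hygon, so an Intel part that falls into the default arm of the spectre_v2_enabled switch, or a failed retbleed=stuff retry, leaves AUTO in place. Suggest resolving a leftover AUTO to RETBLEED_MITIGATION_NONE before the print and giving update the same cpu_mitigations_off() early return that select has. Related: retbleed=off used to return before the Intel switch (case RETBLEED_CMD_OFF: return;), while update now runs that switch for NONE as well, so it either overwrites NONE with IBRS/EIBRS or prints RETBLEED_INTEL_MSG; please confirm that is intended.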
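Review bot: Removing the Intel block in the @@ -1796,16 +1784,6 @@ hunk of spectre_v2_select_mitigation() looks like a functional change that the commit message does not describe. That block set mode = SPECTRE_V2_IBRS when CONFIG_MITIGATION_IBRS_ENTRY was enabled on an Intel CPU with X86_BUG_RETBLEED and X86_FEATURE_IBRS (unless retbleed was off or stuff), and nothing in the visible hunks reintroduces that selection. With it gone the path falls through to spectre_v2_select_retpoline(), and retbleed_update_mitigation() then only reports RETBLEED_INTEL_MSG from its default arm. If the IBRS choice is meant to move elsewhere in the series, say so in the changelog; otherwise keep an equivalent selection so affected Intel parts do not silently lose the retbleed mitigation.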
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 12/34] x86/bugs: Restructure spectre_v2_user mitigation
Date: Thu, 12 Sep 2024 14:08:35 -0500
Message-ID: <20240912190857.235849-13-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Restructure spectre_v2_user to
use select/update/apply functions to create consistent vulnerability handling. The ibpb/stibp choices are first decided based on the spectre_v2_user command line but can be modified by the spectre_v2 command line option as well. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 143 ++++++++++++++++++++----------------- 1 file changed, 79 insertions(+), 64 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 13143854ca42..eaef5a1cb4a3 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -60,6 +60,8 @@ static void __init retbleed_select_mitigation(void); static void __init retbleed_update_mitigation(void); static void __init retbleed_apply_mitigation(void); static void __init spectre_v2_user_select_mitigation(void); +static void __init spectre_v2_user_update_mitigation(void); +static void __init spectre_v2_user_apply_mitigation(void); static void __init ssb_select_mitigation(void); static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); @@ -183,11 +185,6 @@ void __init cpu_select_mitigations(void) spectre_v1_select_mitigation(); spectre_v2_select_mitigation(); retbleed_select_mitigation(); - /* - * spectre_v2_user_select_mitigation() relies on the state set by - * retbleed_select_mitigation(); specifically the STIBP selection is - * forced for UNRET or IBPB. - */ spectre_v2_user_select_mitigation(); ssb_select_mitigation(); l1tf_select_mitigation(); @@ -210,6 +207,7 @@ void __init cpu_select_mitigations(void) * choices. */ retbleed_update_mitigation(); + spectre_v2_user_update_mitigation(); mds_update_mitigation(); taa_update_mitigation(); mmio_update_mitigation(); @@ -217,6 +215,7 @@ void __init cpu_select_mitigations(void) =20 spectre_v1_apply_mitigation(); retbleed_apply_mitigation(); + spectre_v2_user_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); 
@@ -1311,6 +1310,8 @@ enum spectre_v2_mitigation_cmd { SPECTRE_V2_CMD_IBRS, }; =20 +enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D SPECTRE_= V2_CMD_AUTO; + enum spectre_v2_user_cmd { SPECTRE_V2_USER_CMD_NONE, SPECTRE_V2_USER_CMD_AUTO, @@ -1349,22 +1350,14 @@ static void __init spec_v2_user_print_cond(const ch= ar *reason, bool secure) pr_info("spectre_v2_user=3D%s forced on command line.\n", reason); } =20 -static __ro_after_init enum spectre_v2_mitigation_cmd spectre_v2_cmd; - static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void) { char arg[20]; int ret, i; =20 - switch (spectre_v2_cmd) { - case SPECTRE_V2_CMD_NONE: + if (cpu_mitigations_off()) return SPECTRE_V2_USER_CMD_NONE; - case SPECTRE_V2_CMD_FORCE: - return SPECTRE_V2_USER_CMD_FORCE; - default: - break; - } =20 ret =3D cmdline_find_option(boot_command_line, "spectre_v2_user", arg, sizeof(arg)); 
@@ -1388,65 +1381,70 @@ static inline bool spectre_v2_in_ibrs_mode(enum spe= ctre_v2_mitigation mode) return spectre_v2_in_eibrs_mode(mode) || mode =3D=3D SPECTRE_V2_IBRS; } =20 + static void __init spectre_v2_user_select_mitigation(void) { - enum spectre_v2_user_mitigation mode =3D SPECTRE_V2_USER_NONE; - bool smt_possible =3D IS_ENABLED(CONFIG_SMP); enum spectre_v2_user_cmd cmd; =20 if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) return; =20 - if (cpu_smt_control =3D=3D CPU_SMT_FORCE_DISABLED || - cpu_smt_control =3D=3D CPU_SMT_NOT_SUPPORTED) - smt_possible =3D false; - cmd =3D spectre_v2_parse_user_cmdline(); switch (cmd) { case SPECTRE_V2_USER_CMD_NONE: - goto set_mode; + return; case SPECTRE_V2_USER_CMD_FORCE: - mode =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT; break; case SPECTRE_V2_USER_CMD_AUTO: case SPECTRE_V2_USER_CMD_PRCTL: + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; + break; case SPECTRE_V2_USER_CMD_PRCTL_IBPB: - mode =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; break; case SPECTRE_V2_USER_CMD_SECCOMP: - case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: if (IS_ENABLED(CONFIG_SECCOMP)) - mode =3D SPECTRE_V2_USER_SECCOMP; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_SECCOMP; else - mode =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_stibp =3D spectre_v2_user_ibpb; + break; + case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; break; } =20 - /* Initialize Indirect Branch Prediction Barrier */ - if (boot_cpu_has(X86_FEATURE_IBPB)) { - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); + /* + * At this point, an STIBP mode other than "off" has been set. 
+ * If STIBP support is not being forced, check if STIBP always-on + * is preferred. + */ + if (spectre_v2_user_stibp !=3D SPECTRE_V2_USER_STRICT && + boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON)) + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT_PREFERRED; +} =20 - spectre_v2_user_ibpb =3D mode; - switch (cmd) { - case SPECTRE_V2_USER_CMD_NONE: - break; - case SPECTRE_V2_USER_CMD_FORCE: - case SPECTRE_V2_USER_CMD_PRCTL_IBPB: - case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: - static_branch_enable(&switch_mm_always_ibpb); - spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; - break; - case SPECTRE_V2_USER_CMD_PRCTL: - case SPECTRE_V2_USER_CMD_AUTO: - case SPECTRE_V2_USER_CMD_SECCOMP: - static_branch_enable(&switch_mm_cond_ibpb); - break; - } +static void __init spectre_v2_user_update_mitigation(void) +{ + bool smt_possible =3D IS_ENABLED(CONFIG_SMP); =20 - pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", - static_key_enabled(&switch_mm_always_ibpb) ? - "always-on" : "conditional"); + if (cpu_smt_control =3D=3D CPU_SMT_FORCE_DISABLED || + cpu_smt_control =3D=3D CPU_SMT_NOT_SUPPORTED) + smt_possible =3D false; + + /* The spectre_v2 cmd line can override spectre_v2_user options */ + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE) { + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_NONE; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_NONE; + } else if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_FORCE) { + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT; } =20 /* 
@@ -1464,30 +1462,47 @@ spectre_v2_user_select_mitigation(void) if (!boot_cpu_has(X86_FEATURE_STIBP) || !smt_possible || (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && - !boot_cpu_has(X86_FEATURE_AUTOIBRS))) + !boot_cpu_has(X86_FEATURE_AUTOIBRS))) { + spectre_v2_user_stibp =3D SPECTRE_V2_USER_NONE; return; - - /* - * At this point, an STIBP mode other than "off" has been set. - * If STIBP support is not being forced, check if STIBP always-on - * is preferred. - */ - if (mode !=3D SPECTRE_V2_USER_STRICT && - boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON)) - mode =3D SPECTRE_V2_USER_STRICT_PREFERRED; + } =20 if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_UNRET || retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB) { - if (mode !=3D SPECTRE_V2_USER_STRICT && - mode !=3D SPECTRE_V2_USER_STRICT_PREFERRED) + if (spectre_v2_user_stibp !=3D SPECTRE_V2_USER_NONE && + spectre_v2_user_stibp !=3D SPECTRE_V2_USER_STRICT && + spectre_v2_user_stibp !=3D SPECTRE_V2_USER_STRICT_PREFERRED) pr_info("Selecting STIBP always-on mode to complement retbleed mitigati= on\n"); - mode =3D SPECTRE_V2_USER_STRICT_PREFERRED; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT_PREFERRED; } + pr_info("%s\n", spectre_v2_user_strings[spectre_v2_user_stibp]); +} =20 - spectre_v2_user_stibp =3D mode; +static void __init spectre_v2_user_apply_mitigation(void) +{ + /* Initialize Indirect Branch Prediction Barrier */ + if (boot_cpu_has(X86_FEATURE_IBPB) && + spectre_v2_user_ibpb !=3D SPECTRE_V2_USER_NONE) { + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); =20 -set_mode: - pr_info("%s\n", spectre_v2_user_strings[mode]); + switch (spectre_v2_user_ibpb) { + case SPECTRE_V2_USER_NONE: + break; + case SPECTRE_V2_USER_STRICT: + static_branch_enable(&switch_mm_always_ibpb); + break; + case SPECTRE_V2_USER_PRCTL: + case SPECTRE_V2_USER_SECCOMP: + static_branch_enable(&switch_mm_cond_ibpb); + break; + default: + break; + } + + pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", + 
static_key_enabled(&switch_mm_always_ibpb) ? + "always-on" : "conditional"); + } } =20 static const char * const spectre_v2_strings[] =3D { --=20 2.34.1
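Review bot: The new SPECTRE_V2_USER_CMD_SECCOMP_IBPB case in the @@ -1388,65 +1381,70 @@ hunk sets spectre_v2_user_stibp = SPECTRE_V2_USER_PRCTL, which changes the STIBP mode for spectre_v2_user=seccomp,ibpb. Before the patch that command shared the SECCOMP arm, so mode (and therefore spectre_v2_user_stibp) was SPECTRE_V2_USER_SECCOMP when CONFIG_SECCOMP is enabled and only fell back to PRCTL otherwise. Suggest keeping the IS_ENABLED(CONFIG_SECCOMP) selection for the STIBP half of this case and forcing only spectre_v2_user_ibpb to STRICT. The same hunk also assigns spectre_v2_user_ibpb before any X86_FEATURE_IBPB test, where the old code only wrote it inside "if (boot_cpu_has(X86_FEATURE_IBPB))"; readers of that variable outside this patch should be checked for a CPU that has STIBP but not IBPB.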
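Review bot: In the @@ -1464,30 +1462,47 @@ hunk, the retbleed block assigns spectre_v2_user_stibp = SPECTRE_V2_USER_STRICT_PREFERRED outside the new "!= SPECTRE_V2_USER_NONE" test, so only the pr_info is suppressed for NONE while the mode is still forced on. Previously SPECTRE_V2_USER_CMD_NONE jumped to set_mode and never reached this block, so spectre_v2_user=off (and spectre_v2=off, which update now maps to NONE just above) left STIBP off even with RETBLEED_MITIGATION_UNRET or IBPB. If NONE is meant to be respected, put the assignment under the same condition or return early for NONE; if the override is intended, print the message for that case too. Minor: in spectre_v2_user_apply_mitigation() the "case SPECTRE_V2_USER_NONE: break;" arm is unreachable because the enclosing if already requires spectre_v2_user_ibpb != SPECTRE_V2_USER_NONE.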
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 13/34] x86/bugs: Restructure bhi mitigation
Date: Thu, 12 Sep 2024 14:08:36 -0500
Message-ID: <20240912190857.235849-14-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Restructure bhi mitigation to
use select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for bhi. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index eaef5a1cb4a3..da6ca2fc939d 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -82,6 +82,8 @@ static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); static void __init gds_select_mitigation(void); static void __init gds_apply_mitigation(void); +static void __init bhi_select_mitigation(void); +static void __init bhi_apply_mitigation(void); =20 /* The base value of the SPEC_CTRL MSR without task-specific bits set */ u64 x86_spec_ctrl_base; @@ -201,6 +203,7 @@ void __init cpu_select_mitigations(void) */ srso_select_mitigation(); gds_select_mitigation(); + bhi_select_mitigation(); =20 /* * After mitigations are selected, some may need to update their @@ -222,6 +225,7 @@ void __init cpu_select_mitigations(void) rfds_apply_mitigation(); srbds_apply_mitigation(); gds_apply_mitigation(); + bhi_apply_mitigation(); } =20 /* @@ -1719,12 +1723,13 @@ static bool __init spec_ctrl_bhi_dis(void) =20 enum bhi_mitigations { BHI_MITIGATION_OFF, + BHI_MITIGATION_AUTO, BHI_MITIGATION_ON, BHI_MITIGATION_VMEXIT_ONLY, }; =20 static enum bhi_mitigations bhi_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_ON : BHI_MITIG= ATION_OFF; + IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_AUTO : BHI_MIT= IGATION_OFF; =20 static int __init spectre_bhi_parse_cmdline(char *str) { 
@@ -1745,6 +1750,18 @@ static int __init spectre_bhi_parse_cmdline(char *st= r) early_param("spectre_bhi", spectre_bhi_parse_cmdline); =20 static void __init bhi_select_mitigation(void) +{ + if (!boot_cpu_has(X86_BUG_BHI) || cpu_mitigations_off()) + return; + + if (bhi_mitigation =3D=3D BHI_MITIGATION_OFF) + return; + + if (bhi_mitigation =3D=3D BHI_MITIGATION_AUTO) + bhi_mitigation =3D BHI_MITIGATION_ON; +} + +static void __init bhi_apply_mitigation(void) { if (bhi_mitigation =3D=3D BHI_MITIGATION_OFF) return; 
@@ -1876,9 +1893,6 @@ static void __init spectre_v2_select_mitigation(void) mode =3D=3D SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); =20 - if (boot_cpu_has(X86_BUG_BHI)) - bhi_select_mitigation(); - spectre_v2_enabled =3D mode; pr_info("%s\n", spectre_v2_strings[mode]); =20 --=20 2.34.1
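Review bot: In the @@ -1745 hunk of patch 13/34, the early return in the new bhi_select_mitigation() for "!boot_cpu_has(X86_BUG_BHI) || cpu_mitigations_off()" leaves bhi_mitigation at its current value (AUTO by default), while bhi_apply_mitigation() as shown only returns early on "bhi_mitigation == BHI_MITIGATION_OFF". The last hunk also drops the "if (boot_cpu_has(X86_BUG_BHI))" guard around the old call, and bhi_apply_mitigation() is now called unconditionally from cpu_select_mitigations(), so an unaffected CPU or a boot with mitigations disabled can reach the apply body. Suggest setting bhi_mitigation to BHI_MITIGATION_OFF on that early-return path so that apply always sees a resolved state.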
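Review bot: In the @@ -1719 hunk of patch 13/34, BHI_MITIGATION_AUTO is added to the enum and made the CONFIG_MITIGATION_SPECTRE_BHI default without a comment saying that it is a transient value which bhi_select_mitigation() must resolve before anything else reads bhi_mitigation. A one-line comment on the enum entry would document that contract, and any reader of bhi_mitigation that runs before select, or that compares against BHI_MITIGATION_ON expecting the built-in default, should be checked, since the default is now AUTO.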
From: David Kaplan
To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin"
Subject: [RFC PATCH 14/34] x86/bugs: Restructure spectre_v2 mitigation
Date: Thu, 12 Sep 2024 14:08:37 -0500
Message-ID: <20240912190857.235849-15-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
Content-Transfer-Encoding: quoted-printable

Restructure spectre_v2 to use
select/update/apply functions to create consistent vulnerability handling. The spectre_v2 mitigation may be updated based on the selected retbleed mitigation. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 52 ++++++++++++++++++++++++++------------ 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index da6ca2fc939d..32ebe9e934fe 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -56,6 +56,8 @@ static void __init spectre_v1_select_mitigation(void); static void __init spectre_v1_apply_mitigation(void); static void __init spectre_v2_select_mitigation(void); +static void __init spectre_v2_update_mitigation(void); +static void __init spectre_v2_apply_mitigation(void); static void __init retbleed_select_mitigation(void); static void __init retbleed_update_mitigation(void); static void __init retbleed_apply_mitigation(void); @@ -209,6 +211,7 @@ void __init cpu_select_mitigations(void) * After mitigations are selected, some may need to update their * choices. */ + spectre_v2_update_mitigation(); retbleed_update_mitigation(); spectre_v2_user_update_mitigation(); mds_update_mitigation(); @@ -217,6 +220,7 @@ void __init cpu_select_mitigations(void) rfds_update_mitigation(); =20 spectre_v1_apply_mitigation(); + spectre_v2_apply_mitigation(); retbleed_apply_mitigation(); spectre_v2_user_apply_mitigation(); mds_apply_mitigation(); 
@@ -1794,18 +1798,18 @@ static void __init bhi_apply_mitigation(void) =20 static void __init spectre_v2_select_mitigation(void) { - enum spectre_v2_mitigation_cmd cmd =3D spectre_v2_parse_cmdline(); enum spectre_v2_mitigation mode =3D SPECTRE_V2_NONE; + spectre_v2_cmd =3D spectre_v2_parse_cmdline(); =20 /* * If the CPU is not affected and the command line mode is NONE or AUTO * then nothing to do. */ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && - (cmd =3D=3D SPECTRE_V2_CMD_NONE || cmd =3D=3D SPECTRE_V2_CMD_AUTO)) + (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE || spectre_v2_cmd =3D=3D S= PECTRE_V2_CMD_AUTO)) return; =20 - switch (cmd) { + switch (spectre_v2_cmd) { case SPECTRE_V2_CMD_NONE: return; =20 @@ -1849,10 +1853,29 @@ static void __init spectre_v2_select_mitigation(voi= d) break; } =20 - if (mode =3D=3D SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled()) + spectre_v2_enabled =3D mode; +} + +static void __init spectre_v2_update_mitigation(void) +{ + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_AUTO) { + if (IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY) && + boot_cpu_has_bug(X86_BUG_RETBLEED) && + retbleed_mitigation !=3D RETBLEED_MITIGATION_NONE && + retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF && + boot_cpu_has(X86_FEATURE_IBRS) && + boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { + spectre_v2_enabled =3D SPECTRE_V2_IBRS; + } + } +} + +static void __init spectre_v2_apply_mitigation(void) +{ + if (spectre_v2_enabled =3D=3D SPECTRE_V2_EIBRS && unprivileged_ebpf_enabl= ed()) pr_err(SPECTRE_V2_EIBRS_EBPF_MSG); =20 - if (spectre_v2_in_ibrs_mode(mode)) { + if (spectre_v2_in_ibrs_mode(spectre_v2_enabled)) { if (boot_cpu_has(X86_FEATURE_AUTOIBRS)) { msr_set_bit(MSR_EFER, _EFER_AUTOIBRS); } else { @@ -1861,7 +1884,7 @@ static void __init spectre_v2_select_mitigation(void) } } =20 - switch (mode) { + switch (spectre_v2_enabled) { case SPECTRE_V2_NONE: case SPECTRE_V2_EIBRS: break; 
@@ -1888,13 +1911,12 @@ static void __init spectre_v2_select_mitigation(voi= d) * JMPs gets protection against BHI and Intramode-BTI, but RET * prediction from a non-RSB predictor is still a risk. */ - if (mode =3D=3D SPECTRE_V2_EIBRS_LFENCE || - mode =3D=3D SPECTRE_V2_EIBRS_RETPOLINE || - mode =3D=3D SPECTRE_V2_RETPOLINE) + if (spectre_v2_enabled =3D=3D SPECTRE_V2_EIBRS_LFENCE || + spectre_v2_enabled =3D=3D SPECTRE_V2_EIBRS_RETPOLINE || + spectre_v2_enabled =3D=3D SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); =20 - spectre_v2_enabled =3D mode; - pr_info("%s\n", spectre_v2_strings[mode]); + pr_info("%s\n", spectre_v2_strings[spectre_v2_enabled]); =20 /* * If Spectre v2 protection has been enabled, fill the RSB during a @@ -1937,7 +1959,7 @@ static void __init spectre_v2_select_mitigation(void) setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switc= h\n"); =20 - spectre_v2_determine_rsb_fill_type_at_vmexit(mode); + spectre_v2_determine_rsb_fill_type_at_vmexit(spectre_v2_enabled); =20 /* * Retpoline protects the kernel, but doesn't protect firmware. IBRS 
@@ -1960,13 +1982,11 @@ static void __init spectre_v2_select_mitigation(voi= d) pr_info("Enabling Speculation Barrier for firmware calls\n"); } =20 - } else if (boot_cpu_has(X86_FEATURE_IBRS) && !spectre_v2_in_ibrs_mode(mod= e)) { + } else if (boot_cpu_has(X86_FEATURE_IBRS) && + !spectre_v2_in_ibrs_mode(spectre_v2_enabled)) { setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); pr_info("Enabling Restricted Speculation for firmware calls\n"); } - - /* Set up IBPB and STIBP depending on the general spectre V2 command */ - spectre_v2_cmd =3D cmd; } =20 static void update_stibp_msr(void * __unused) --=20 2.34.1
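Review bot: In the @@ -209 hunk of patch 14/34, spectre_v2_update_mitigation() is placed ahead of retbleed_update_mitigation() although it reads retbleed_mitigation, so it sees the value from retbleed's select step rather than the updated one. If retbleed_update_mitigation() can change retbleed_mitigation, the spectre_v2 decision is made on stale state. Suggest either moving the call after retbleed_update_mitigation() or adding a comment at the call site explaining why this order is correct.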
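Review bot: In the @@ -1849 hunk of patch 14/34, spectre_v2_update_mitigation() assigns SPECTRE_V2_IBRS whenever the command is SPECTRE_V2_CMD_AUTO and the retbleed conditions hold, without looking at the mode that spectre_v2_select_mitigation() stored in spectre_v2_enabled. It tests X86_BUG_RETBLEED but not X86_BUG_SPECTRE_V2, although select returns early for an unaffected CPU with CMD_AUTO. Suggest documenting which selected modes this override is meant to replace and adding the X86_BUG_SPECTRE_V2 check, so update cannot turn on IBRS after select decided there was nothing to do.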
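Review bot: In the @@ -1861 hunk of patch 14/34, the switch in spectre_v2_apply_mitigation() still treats "case SPECTRE_V2_NONE:" as a plain break. Before the split, the early returns in spectre_v2_select_mitigation() (unaffected CPU, or "case SPECTRE_V2_CMD_NONE: return;") skipped everything below them; now apply is called unconditionally from cpu_select_mitigations() and with SPECTRE_V2_NONE it appears to continue to the pr_info(), the setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW) and the firmware IBRS lines that show up as context in the later hunks. Suggest returning for SPECTRE_V2_NONE, or adding an explicit early check at the top of apply.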
From: David Kaplan
To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin"
Subject: [RFC PATCH 15/34] x86/bugs: Restructure ssb mitigation
Date: Thu, 12 Sep 2024 14:08:38 -0500
Message-ID: <20240912190857.235849-16-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
Content-Transfer-Encoding: quoted-printable

Restructure ssb to use
select/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 32ebe9e934fe..c996c1521851 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -65,6 +65,7 @@ static void __init spectre_v2_user_select_mitigation(void= ); static void __init spectre_v2_user_update_mitigation(void); static void __init spectre_v2_user_apply_mitigation(void); static void __init ssb_select_mitigation(void); +static void __init ssb_apply_mitigation(void); static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); static void __init mds_update_mitigation(void); @@ -223,6 +224,7 @@ void __init cpu_select_mitigations(void) spectre_v2_apply_mitigation(); retbleed_apply_mitigation(); spectre_v2_user_apply_mitigation(); + ssb_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); @@ -2211,13 +2213,26 @@ static enum ssb_mitigation __init __ssb_select_miti= gation(void) break; } =20 + return mode; +} + +static void ssb_select_mitigation(void) +{ + ssb_mode =3D __ssb_select_mitigation(); + + if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) + pr_info("%s\n", ssb_strings[ssb_mode]); +} + +static void __init ssb_apply_mitigation(void) +{ /* * We have three CPU feature flags that are in play here: * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation */ - if (mode =3D=3D SPEC_STORE_BYPASS_DISABLE) { + if (ssb_mode =3D=3D SPEC_STORE_BYPASS_DISABLE) { setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE); /* * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD may 
@@ -2232,15 +2247,6 @@ static enum ssb_mitigation __init __ssb_select_mitig= ation(void) } } =20 - return mode; -} - -static void ssb_select_mitigation(void) -{ - ssb_mode =3D __ssb_select_mitigation(); - - if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) - pr_info("%s\n", ssb_strings[ssb_mode]); } =20 #undef pr_fmt --=20 2.34.1
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [RFC PATCH 16/34] x86/bugs: Restructure l1tf mitigation Date: Thu, 12 Sep 2024 14:08:39 -0500 Message-ID: <20240912190857.235849-17-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com> References: <20240912190857.235849-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002314:EE_|SJ0PR12MB7475:EE_ X-MS-Office365-Filtering-Correlation-Id: e84b4a36-5340-4ae1-7f21-08dcd35e67e3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|36860700013|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?JayDx6UyiQ0/RW36FgXsz9mAylSBAsOvMtGXQ5fwF1PSLNl0STLkuxAfm+rG?= =?us-ascii?Q?434GinBwTXhfLEUsnJxxHnVl70MZgH4glLH3NDqS7xZQdAzYtHXg1YGtLh8H?= =?us-ascii?Q?jn9ny6SWxrd4/AJds7rMyMJHvm5HAKZShLLRllGBo4HfcD3vDvLn/FWOzKNR?= =?us-ascii?Q?iG4eOB8I5JCDahW6pWKYMP/3tznLJdfrTnS30J+uHjny3HLFq8ps+U2+wJ2M?= =?us-ascii?Q?w36xAwdksjhfug8/FSWJW0eL7BNeEK1jRVSiIKw6DDgQ2Z1H3eJ6oP64/1Cw?= =?us-ascii?Q?RQQFj+2MYDqwVd4AVWfNxNUd7Wvfkc2WHCHR3wLhrr8wgwPsB6Q6+B9jT1cZ?= =?us-ascii?Q?+a41fDnrfOOR7ce4fWZN59VrY8VhKn2bZyIOdBm+ml87oYSWg+M7tuTTelbs?= =?us-ascii?Q?0tbFJxjUI4hguJmnwOTaECRTPsVTD0Uw+jB8ExyoGucz363dQjfy473qqBz0?= =?us-ascii?Q?5Azs5IczLjfFVCvbaDUjQA3Exfkmd3thxzx81DqvbpQOzNp/ol2Y4vy8BcDN?= =?us-ascii?Q?hEt6RoOgGlhodrcvT7gDsvMO262lArx7R8v70TXLHe+lXB4pxjueGW/j9TNz?= =?us-ascii?Q?5BxDOSTpD0ddI2OLi07DhisqHp1Bt1kDxg++idzUbzL/v+vhQL1ONWpEFVW5?= 
=?us-ascii?Q?boA8oEv3yLwaJJJfOtkPpKLGuA8ea2lalpnHc2Yax3Dz4q6RRXKXsZ/Ol+xg?= =?us-ascii?Q?MGw+mhfXK/q77oGar2L0xut8Iywsm5y5OYym5lDuufRknHUI0dsQ2XxlRJPG?= =?us-ascii?Q?L8ErkgpJ3lmMlrsPtmwhJUql+UbmANIGA/UUNgzkGCQJTOKO2ZZwb68NK5+L?= =?us-ascii?Q?PAspM0DcV6qJuK0jOcY5MrLHP+wKZ47QBmAIPKiHCX7DGuE4c9gnvOYU0aan?= =?us-ascii?Q?W+TyrLGr0kfI9LPJX0LdRAI7yhZ3WECsZxU00ikeb25W5de0wLybboLHd3X4?= =?us-ascii?Q?qqrc68fr4FlohWy8rR6WmAc1KLhEnf3heKmyvogh27vBBWSi4wM6FplTdcx1?= =?us-ascii?Q?39BW4aSO+iH376PmEKxbAqoDouA2J5/CWay9vG9DMFzpHUrYgUnNWdDmL21b?= =?us-ascii?Q?ib/L5RHqz3q+cLz7YkhV0ebHldYCbScbCn6kJ2UIQ1edhRE5ZRS1mIV5mh2E?= =?us-ascii?Q?5kqxJazE8wzIRAN00I3eEyXCgC8Yy2uxeGPqEAgSyqxGTNHDQvKWAA9dIwno?= =?us-ascii?Q?4ipFewl+fM1OIOklQzCW1NWIBaKmajbFnfwADVJK2huzxsnu/Ank1M9gY6eC?= =?us-ascii?Q?r3B0sNZnq6wUlAgoUFR5uym6pycwocGWqMrCdOr04GaDpYg0hNqriQjxGrxl?= =?us-ascii?Q?JbmxHaWWuh6kqPBbQeNbiZ6nclvmFvqKRaum4pkla8ReFE2A1veJP23rhIhz?= =?us-ascii?Q?u9bPA2xW+bvfG7TV/sD4vN3yXlgNmOYDB8TuEytt31gvVfOzeG05ss5O2GGp?= =?us-ascii?Q?oQgl9TOvaTq+Ga/sL6enonWdSFQxygQi?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(36860700013)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2024 19:09:20.1554 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e84b4a36-5340-4ae1-7f21-08dcd35e67e3 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002314.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB7475 Content-Type: text/plain; charset="utf-8" Restructure l1tf to use 
select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for l1tf. Signed-off-by: David Kaplan --- arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/cpu/bugs.c | 28 ++++++++++++++++++++-------- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/proces= sor.h index 187805f7db3f..ba4005a7c0e3 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -728,6 +728,7 @@ void store_cpu_caps(struct cpuinfo_x86 *info); =20 enum l1tf_mitigations { L1TF_MITIGATION_OFF, + L1TF_MITIGATION_AUTO, L1TF_MITIGATION_FLUSH_NOWARN, L1TF_MITIGATION_FLUSH, L1TF_MITIGATION_FLUSH_NOSMT, diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index c996c1521851..ba10aa37d949 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -67,6 +67,7 @@ static void __init spectre_v2_user_apply_mitigation(void); static void __init ssb_select_mitigation(void); static void __init ssb_apply_mitigation(void); static void __init l1tf_select_mitigation(void); +static void __init l1tf_apply_mitigation(void); static void __init mds_select_mitigation(void); static void __init mds_update_mitigation(void); static void __init mds_apply_mitigation(void); @@ -225,6 +226,7 @@ void __init cpu_select_mitigations(void) retbleed_apply_mitigation(); spectre_v2_user_apply_mitigation(); ssb_apply_mitigation(); + l1tf_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); @@ -2502,7 +2504,7 @@ EXPORT_SYMBOL_GPL(itlb_multihit_kvm_mitigation); =20 /* Default mitigation for L1TF-affected CPUs */ enum l1tf_mitigations l1tf_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_L1TF) ? L1TF_MITIGATION_FLUSH : L1TF_MITIGAT= ION_OFF; + IS_ENABLED(CONFIG_MITIGATION_L1TF) ? L1TF_MITIGATION_AUTO : L1TF_MITIGATI= ON_OFF; #if IS_ENABLED(CONFIG_KVM_INTEL) EXPORT_SYMBOL_GPL(l1tf_mitigation); #endif 
@@ -2550,22 +2552,32 @@ static void override_cache_bits(struct cpuinfo_x86 = *c) =20 static void __init l1tf_select_mitigation(void) { - u64 half_pa; - - if (!boot_cpu_has_bug(X86_BUG_L1TF)) + if (!boot_cpu_has_bug(X86_BUG_L1TF) || cpu_mitigations_off()) { + l1tf_mitigation =3D L1TF_MITIGATION_OFF; return; + } =20 - if (cpu_mitigations_off()) - l1tf_mitigation =3D L1TF_MITIGATION_OFF; - else if (cpu_mitigations_auto_nosmt()) - l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; + if (l1tf_mitigation =3D=3D L1TF_MITIGATION_AUTO) { + if (cpu_mitigations_auto_nosmt()) + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; + else + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH; + } + +} + +static void __init l1tf_apply_mitigation(void) +{ + u64 half_pa; =20 override_cache_bits(&boot_cpu_data); =20 switch (l1tf_mitigation) { case L1TF_MITIGATION_OFF: + return; case L1TF_MITIGATION_FLUSH_NOWARN: case L1TF_MITIGATION_FLUSH: + case L1TF_MITIGATION_AUTO: break; case L1TF_MITIGATION_FLUSH_NOSMT: case L1TF_MITIGATION_FULL: --=20 2.34.1
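
Review bot: L1TF_MITIGATION_AUTO is added to enum l1tf_mitigations (processor.h hunk) without a comment saying it is only a boot-time placeholder. l1tf_select_mitigation() always replaces it with OFF, FLUSH or FLUSH_NOSMT, which makes `case L1TF_MITIGATION_AUTO:` in l1tf_apply_mitigation() unreachable, and l1tf_mitigation is exported under CONFIG_KVM_INTEL, so a one-line comment on the enumerator would tell readers of that variable that they never need to handle it. Inserting it after L1TF_MITIGATION_OFF also shifts the numeric value of every later enumerator; please confirm nothing depends on those values.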
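
Review bot: l1tf_apply_mitigation() (hunk at -2550) calls override_cache_bits(&boot_cpu_data) before any check, so it now runs on CPUs without X86_BUG_L1TF, where the old l1tf_select_mitigation() returned before reaching it. Suggest opening the function with `if (!boot_cpu_has_bug(X86_BUG_L1TF)) return;`. Two behaviour changes in the same hunk deserve a line in the commit message: `case L1TF_MITIGATION_OFF: return;` now skips whatever follows the switch (previously OFF fell through to `break`), and a value chosen with the l1tf= parameter is no longer replaced by L1TF_MITIGATION_FLUSH_NOSMT when cpu_mitigations_auto_nosmt() is true, because that override now applies only to AUTO. The added blank line before the closing brace of l1tf_select_mitigation() can go.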

From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 17/34] x86/bugs: Restructure srso mitigation
Date: Thu, 12 Sep 2024 14:08:40 -0500
Message-ID: <20240912190857.235849-18-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Restructure srso to use
select/update/apply functions to create consistent vulnerability handling. Like with retbleed, the command line options directly select mitigations which can later be modified. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 136 ++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index ba10aa37d949..334fd2c5251d 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -84,6 +84,8 @@ static void __init srbds_select_mitigation(void); static void __init srbds_apply_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); +static void __init srso_update_mitigation(void); +static void __init srso_apply_mitigation(void); static void __init gds_select_mitigation(void); static void __init gds_apply_mitigation(void); static void __init bhi_select_mitigation(void); @@ -200,11 +202,6 @@ void __init cpu_select_mitigations(void) rfds_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); - - /* - * srso_select_mitigation() depends and must run after - * retbleed_select_mitigation(). - */ srso_select_mitigation(); gds_select_mitigation(); bhi_select_mitigation(); @@ -220,6 +217,7 @@ void __init cpu_select_mitigations(void) taa_update_mitigation(); mmio_update_mitigation(); rfds_update_mitigation(); + srso_update_mitigation(); =20 spectre_v1_apply_mitigation(); spectre_v2_apply_mitigation(); @@ -232,6 +230,7 @@ void __init cpu_select_mitigations(void) mmio_apply_mitigation(); rfds_apply_mitigation(); srbds_apply_mitigation(); + srso_apply_mitigation(); gds_apply_mitigation(); bhi_apply_mitigation(); } @@ -2637,6 +2636,7 @@ early_param("l1tf", l1tf_cmdline); =20 enum srso_mitigation { SRSO_MITIGATION_NONE, + SRSO_MITIGATION_AUTO, SRSO_MITIGATION_UCODE_NEEDED, SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED, SRSO_MITIGATION_MICROCODE, 
@@ -2645,14 +2645,6 @@ enum srso_mitigation { SRSO_MITIGATION_IBPB_ON_VMEXIT, }; =20 -enum srso_mitigation_cmd { - SRSO_CMD_OFF, - SRSO_CMD_MICROCODE, - SRSO_CMD_SAFE_RET, - SRSO_CMD_IBPB, - SRSO_CMD_IBPB_ON_VMEXIT, -}; - static const char * const srso_strings[] =3D { [SRSO_MITIGATION_NONE] =3D "Vulnerable", [SRSO_MITIGATION_UCODE_NEEDED] =3D "Vulnerable: No microcode", @@ -2663,8 +2655,7 @@ static const char * const srso_strings[] =3D { [SRSO_MITIGATION_IBPB_ON_VMEXIT] =3D "Mitigation: IBPB on VMEXIT only" }; =20 -static enum srso_mitigation srso_mitigation __ro_after_init =3D SRSO_MITIG= ATION_NONE; -static enum srso_mitigation_cmd srso_cmd __ro_after_init =3D SRSO_CMD_SAFE= _RET; +static enum srso_mitigation srso_mitigation __ro_after_init =3D SRSO_MITIG= ATION_AUTO; =20 static int __init srso_parse_cmdline(char *str) { @@ -2672,15 +2663,15 @@ static int __init srso_parse_cmdline(char *str) return -EINVAL; =20 if (!strcmp(str, "off")) - srso_cmd =3D SRSO_CMD_OFF; + srso_mitigation =3D SRSO_MITIGATION_NONE; else if (!strcmp(str, "microcode")) - srso_cmd =3D SRSO_CMD_MICROCODE; + srso_mitigation =3D SRSO_MITIGATION_MICROCODE; else if (!strcmp(str, "safe-ret")) - srso_cmd =3D SRSO_CMD_SAFE_RET; + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; else if (!strcmp(str, "ibpb")) - srso_cmd =3D SRSO_CMD_IBPB; + srso_mitigation =3D SRSO_MITIGATION_IBPB; else if (!strcmp(str, "ibpb-vmexit")) - srso_cmd =3D SRSO_CMD_IBPB_ON_VMEXIT; + srso_mitigation =3D SRSO_MITIGATION_IBPB_ON_VMEXIT; else pr_err("Ignoring unknown SRSO option (%s).", str); =20 
@@ -2696,12 +2687,16 @@ static void __init srso_select_mitigation(void) =20 if (!boot_cpu_has_bug(X86_BUG_SRSO) || cpu_mitigations_off() || - srso_cmd =3D=3D SRSO_CMD_OFF) { + srso_mitigation =3D=3D SRSO_MITIGATION_NONE) { if (boot_cpu_has(X86_FEATURE_SBPB)) x86_pred_cmd =3D PRED_CMD_SBPB; return; } =20 + /* Default mitigation */ + if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; + if (has_microcode) { /* * Zen1/2 with SMT off aren't vulnerable after the right 
@@ -2713,29 +2708,59 @@ static void __init srso_select_mitigation(void) setup_force_cpu_cap(X86_FEATURE_SRSO_NO); return; } - - if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB) { - srso_mitigation =3D SRSO_MITIGATION_IBPB; - goto out; - } } else { pr_warn("IBPB-extending microcode not applied!\n"); pr_warn(SRSO_NOTICE); =20 - /* may be overwritten by SRSO_CMD_SAFE_RET below */ - srso_mitigation =3D SRSO_MITIGATION_UCODE_NEEDED; + /* Fall-back to Safe-RET */ + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED; } =20 - switch (srso_cmd) { - case SRSO_CMD_MICROCODE: - if (has_microcode) { - srso_mitigation =3D SRSO_MITIGATION_MICROCODE; - pr_warn(SRSO_NOTICE); - } + switch (srso_mitigation) { + case SRSO_MITIGATION_MICROCODE: + pr_warn(SRSO_NOTICE); + break; + + case SRSO_MITIGATION_SAFE_RET: + case SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED: + if (!IS_ENABLED(CONFIG_MITIGATION_SRSO)) + pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); break; =20 - case SRSO_CMD_SAFE_RET: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { + case SRSO_MITIGATION_IBPB: + if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) + pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); + break; + + case SRSO_MITIGATION_IBPB_ON_VMEXIT: + if (!IS_ENABLED(CONFIG_MITIGATION_SRSO)) + pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); + break; + default: + break; + } +} + +static void __init srso_update_mitigation(void) +{ + /* If retbleed is using IBPB, that works for SRSO as well */ + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB) + srso_mitigation =3D SRSO_MITIGATION_IBPB; + + pr_info("%s\n", srso_strings[srso_mitigation]); +} + +static void __init srso_apply_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_SRSO) || + srso_mitigation =3D=3D SRSO_MITIGATION_NONE) { + if (boot_cpu_has(X86_FEATURE_SBPB)) + x86_pred_cmd =3D PRED_CMD_SBPB; + return; + } + switch (srso_mitigation) { + case SRSO_MITIGATION_SAFE_RET: + case 
SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED: /* * Enable the return thunk for generated code * like ftrace, static_call, etc. 
@@ -2750,42 +2775,17 @@ static void __init srso_select_mitigation(void) setup_force_cpu_cap(X86_FEATURE_SRSO); x86_return_thunk =3D srso_return_thunk; } - if (has_microcode) - srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; - else - srso_mitigation =3D SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED; - } else { - pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } - break; - - case SRSO_CMD_IBPB: - if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { - if (has_microcode) { - setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); - srso_mitigation =3D SRSO_MITIGATION_IBPB; - } - } else { - pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); - } - break; - - case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - srso_mitigation =3D SRSO_MITIGATION_IBPB_ON_VMEXIT; - } - } else { - pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } break; + case SRSO_MITIGATION_IBPB: + setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + break; + case SRSO_MITIGATION_IBPB_ON_VMEXIT: + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + break; default: - break; + break; } =20 -out: - pr_info("%s\n", srso_strings[srso_mitigation]); } =20 #undef pr_fmt --=20 2.34.1
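
Review bot: the early return in srso_select_mitigation() (hunk at -2696: no X86_BUG_SRSO, or cpu_mitigations_off()) leaves srso_mitigation at its new default SRSO_MITIGATION_AUTO, and the patch adds no srso_strings[] entry for AUTO. srso_update_mitigation() then runs unconditionally and does `pr_info("%s\n", srso_strings[srso_mitigation]);`, so that path formats a NULL pointer; it also prints on CPUs that are not affected, which the old code did not do because it returned before the `out:` label. Suggest setting srso_mitigation = SRSO_MITIGATION_NONE in the early-return block and skipping the print when the bug is absent.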
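
Review bot: in the new switch in srso_select_mitigation() (hunk at -2713), the `!IS_ENABLED(...)` branches only call pr_err() and leave srso_mitigation as SAFE_RET, IBPB or IBPB_ON_VMEXIT, so the string printed by srso_update_mitigation() reports a mitigation the kernel was not built with. The old code never set srso_mitigation in those `else` branches, and srso_apply_mitigation() no longer carries the IS_ENABLED() guards, so suggest resetting to SRSO_MITIGATION_NONE next to each pr_err(). Two further points in this hunk: the no-microcode branch now overwrites any explicit choice with SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED, and srso_update_mitigation() switches to SRSO_MITIGATION_IBPB even when srso_mitigation is SRSO_MITIGATION_NONE (for example after srso=off). Both differ from the old flow and should be stated in the commit message or guarded.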
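
Review bot: the SRSO_MITIGATION_IBPB_ON_VMEXIT case in srso_apply_mitigation() (hunk at -2750) forces X86_FEATURE_IBPB_ON_VMEXIT without the old `!boot_cpu_has(X86_FEATURE_ENTRY_IBPB)` test. srso_update_mitigation() covers the retbleed case by switching to SRSO_MITIGATION_IBPB, but if X86_FEATURE_ENTRY_IBPB can be set on any other path both caps are now forced; either keep the test or add a comment saying why it is no longer needed. Style: the `break;` under `default:` changes only in whitespace, and a blank line is left before the closing brace once the `out:` label is removed.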

From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 18/34] Documentation/x86: Document the new attack vector controls
Date: Thu, 12 Sep 2024 14:08:41 -0500
Message-ID: <20240912190857.235849-19-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Document the 5 new attack
vector command line options, how they interact with existing vulnerability controls, and recommendations on when they can be disabled. Note that while mitigating against untrusted userspace requires both mitigate_user_kernel and mitigate_user_user, these are kept separate. The kernel can control what code executes inside of it and that may affect the risk associated with vulnerabilities especially if new kernel mitigations are implemented. The same isn't typically true of userspace. In other words, the risk associated with user_user or guest_guest attacks is unlikely to change over time. While the risk associated with user_kernel or guest_host attacks may change. Therefore, these controls are separated. Signed-off-by: David Kaplan --- .../hw-vuln/attack_vector_controls.rst | 172 ++++++++++++++++++ Documentation/admin-guide/hw-vuln/index.rst | 1 + 2 files changed, 173 insertions(+) create mode 100644 Documentation/admin-guide/hw-vuln/attack_vector_control= s.rst diff --git a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst b= /Documentation/admin-guide/hw-vuln/attack_vector_controls.rst new file mode 100644 index 000000000000..4f77e1e69090 --- /dev/null +++ b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst 
@@ -0,0 +1,172 @@ +.. SPDX-License-Identifier: GPL-2.0 + +Attack Vector Controls +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Attack vector controls provide a simple method to configure only the mitig= ations +for CPU vulnerabilities which are relevant given the intended use of a sys= tem. +Administrators are encouraged to consider which attack vectors are relevan= t and +disable all others in order to recoup system performance. + +When new relevant CPU vulnerabilities are found, they will be added to the= se +attack vector controls so administrators will likely not need to reconfigu= re +their command line parameters as mitigations will continue to be correctly +applied based on the chosen attack vector controls. + +Attack Vectors +-------------- + +There are 5 sets of attack-vector mitigations currently supported by the k= ernel: + +#. :ref:`user_kernel` (mitigate_user_kernel=3D ) +#. :ref:`user_user` (mitigate_user_user=3D ) +#. :ref:`guest_host` (mitigate_guest_host=3D ) +#. :ref:`guest_guest` (mitigate_guest_guest=3D) +#. :ref:`cross_thread` (mitigate_cross_thread=3D ) + +Each control may either be specified as 'off' or 'on'. + +.. _user_kernel: + +User-to-Kernel +^^^^^^^^^^^^^^ + +The user-to-kernel attack vector involves a malicious userspace program +attempting to leak kernel data into userspace by exploiting a CPU vulnerab= ility. +The kernel data involved might be limited to certain kernel memory, or inc= lude +all memory in the system, depending on the vulnerability exploited. + +If no untrusted userspace applications are being run, such as with single-= user +systems, consider disabling user-to-kernel mitigations. + +Note that the CPU vulnerabilities mitigated by Linux have generally not be= en +shown to be exploitable from browser-based sandboxes. User-to-kernel +mitigations are therefore mostly relevant if unknown userspace application= s may +be run by untrusted users. + +*mitigate_user_kernel defaults to 'on'* + +.. 
_user_user: + +User-to-User +^^^^^^^^^^^^ + +The user-to-user attack vector involves a malicious userspace program atte= mpting +to influence the behavior of another unsuspecting userspace program in ord= er to +exfiltrate data. The vulnerability of a userspace program is based on the +program itself and the interfaces it provides. + +If no untrusted userspace applications are being run, consider disabling +user-to-user mitigations. + +Note that because the Linux kernel contains a mapping of all physical memo= ry, +preventing a malicious userspace program from leaking data from another +userspace program requires mitigating user-to-kernel attacks as well for +complete protection. + +*mitigate_user_user defaults to 'on'* + +.. _guest_host: + +Guest-to-Host +^^^^^^^^^^^^^ + +The guest-to-host attack vector involves a malicious VM attempting to leak +hypervisor data into the VM. The data involved may be limited, or may +potentially include all memory in the system, depending on the vulnerabili= ty +exploited. + +If no untrusted VMs are being run, consider disabling guest-to-host mitiga= tions. + +*mitigate_guest_host defaults to 'on' if KVM support is present* + +.. _guest_guest: + +Guest-to-Guest +^^^^^^^^^^^^^^ + +The guest-to-guest attack vector involves a malicious VM attempting to inf= luence +the behavior of another unsuspecting VM in order to exfiltrate data. The +vulnerability of a VM is based on the code inside the VM itself and the +interfaces it provides. + +If no untrusted VMs, or only a single VM is being run, consider disabling +guest-to-guest mitigations. + +Similar to the user-to-user attack vector, preventing a malicious VM from +leaking data from another VM requires mitigating guest-to-host attacks as = well +due to the Linux kernel phys map. + +*mitigate_guest_guest defaults to 'on' if KVM support is present* + +.. 
_cross_thread: + +Cross-Thread +^^^^^^^^^^^^ + +The cross-thread attack vector involves a malicious userspace program or +malicious VM either observing or attempting to influence the behavior of c= ode +running on the SMT sibling thread in order to exfiltrate data. + +Many cross-thread attacks can only be mitigated if SMT is disabled, which = will +result in reduced CPU core count and reduced performance. Enabling mitiga= tions +for the cross-thread attack vector may result in SMT being disabled, depen= ding +on the CPU vulnerabilities detected. + +*mitigate_cross_thread defaults to 'off'* + +Interactions with command-line options +-------------------------------------- + +The global 'mitigations=3Doff' command line takes precedence over all atta= ck +vector controls and will disable all mitigations. + +Vulnerability-specific controls (e.g. "retbleed=3Doff") take precedence ov= er all +attack vector controls. Mitigations for individual vulnerabilities may be +turned on or off via their command-line options regardless of the attack v= ector +controls. + +Summary of attack-vector mitigations +------------------------------------ + +When a vulnerability is mitigated due to an attack-vector control, the def= ault +mitigation option for that particular vulnerability is used. To use a dif= ferent +mitigation, please use the vulnerability-specific command line option. + +The table below summarizes which vulnerabilities are mitigated when differ= ent +attack vectors are enabled and assuming the CPU is vulnerable. 
+ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D +Vulnerability User-to-Kernel User-to-User Guest-to-Host Guest-to-Guest C= ross-Thread +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D +BHI X X +GDS X X X X +L1TF X = (Note 1) +MDS X X X X = (Note 1) +MMIO X X X X = (Note 1) +Meltdown X +Retbleed X X = (Note 2) +RFDS X X X X +Spectre_v1 X +Spectre_v2 X X +Spectre_v2_user X X +SRBDS X X X X +SRSO X X +SSB (Note 3) +TAA X X X X = (Note 1) +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D + +Notes: + 1 -- Disables SMT if cross-thread mitigations are selected and CPU is = vulnerable + + 2 -- Disables SMT if cross-thread mitigations are selected, CPU is vul= nerable, + and STIBP is not supported + + 3 -- Speculative store bypass is always enabled by default (no kernel + mitigation applied) unless overridden with spec_store_bypass_disable op= tion + +When an attack-vector is disabled (e.g., *mitigate_user_kernel=3Doff*), all +mitigations for the vulnerabilities listed in the above table are disabled, +unless mitigation is required for a different enabled attack-vector or a +mitigation is explicitly selected via a vulnerability-specific command line +option. diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/ad= min-guide/hw-vuln/index.rst index ff0b440ef2dc..1add4a0baeb0 100644 --- a/Documentation/admin-guide/hw-vuln/index.rst 
+++ b/Documentation/admin-guide/hw-vuln/index.rst 
@@ -9,6 +9,7 @@ are configurable at compile, boot or run time. .. toctree:: :maxdepth: 1 =20 + attack_vector_controls spectre l1tf mds --=20 2.34.1
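Review bot: In the new attack_vector_controls.rst, the "Interactions with command-line options" section covers 'mitigations=off' and the vulnerability-specific options but is silent on 'mitigations=auto,nosmt', the existing switch that lets mitigations disable SMT. The Cross-Thread section says enabling mitigate_cross_thread "may result in SMT being disabled" and that it defaults to 'off', so the text should state how the two combine, for example whether 'mitigations=auto,nosmt' with the default mitigate_cross_thread=off still disables SMT. The User-to-User section has a similar gap: it says complete protection also needs user-to-kernel mitigations, but does not say whether mitigate_user_user=on together with mitigate_user_kernel=off is accepted silently or reported.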
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [RFC PATCH 19/34] x86/bugs: Define attack vectors Date: Thu, 12 Sep 2024 14:08:42 -0500 Message-ID: <20240912190857.235849-20-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com> References: <20240912190857.235849-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Define 5 new attack vectors
that are used for controlling CPU speculation mitigations and associated command line options. Each attack vector may be enabled or disabled, which affects the CPU mitigations enabled. The default settings for these attack vectors are consistent with existing kernel defaults, other than the automatic disabling of VM-based attack vectors if KVM support is not present. Signed-off-by: David Kaplan --- include/linux/cpu.h | 11 +++++++++ kernel/cpu.c | 58 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/include/linux/cpu.h b/include/linux/cpu.h index bdcec1732445..b25566e1fb04 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -189,6 +189,17 @@ void cpuhp_report_idle_dead(void); static inline void cpuhp_report_idle_dead(void) { } #endif /* #ifdef CONFIG_HOTPLUG_CPU */ =20 +enum cpu_attack_vectors { + CPU_MITIGATE_USER_KERNEL, + CPU_MITIGATE_USER_USER, + CPU_MITIGATE_GUEST_HOST, + CPU_MITIGATE_GUEST_GUEST, + CPU_MITIGATE_CROSS_THREAD, + NR_CPU_ATTACK_VECTORS, +}; + +bool cpu_mitigate_attack_vector(enum cpu_attack_vectors v); + #ifdef CONFIG_CPU_MITIGATIONS extern bool cpu_mitigations_off(void); extern bool cpu_mitigations_auto_nosmt(void); diff --git a/kernel/cpu.c b/kernel/cpu.c index d293d52a3e00..980653a55d9c 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c 
@@ -3201,6 +3201,22 @@ enum cpu_mitigations { =20 static enum cpu_mitigations cpu_mitigations __ro_after_init =3D CPU_MITIGA= TIONS_AUTO; =20 +/* + * All except the cross-thread attack vector are mitigated by default. + * Cross-thread mitigation often requires disabling SMT which is too expen= sive + * to be enabled by default. + * + * Guest-to-Host and Guest-to-Guest vectors are only needed if KVM support= is + * present. + */ +static bool cpu_mitigate_attack_vectors[NR_CPU_ATTACK_VECTORS] __ro_after_= init =3D { + [CPU_MITIGATE_USER_KERNEL] =3D true, + [CPU_MITIGATE_USER_USER] =3D true, + [CPU_MITIGATE_GUEST_HOST] =3D IS_ENABLED(CONFIG_KVM), + [CPU_MITIGATE_GUEST_GUEST] =3D IS_ENABLED(CONFIG_KVM), + [CPU_MITIGATE_CROSS_THREAD] =3D false +}; + static int __init mitigations_parse_cmdline(char *arg) { if (!strcmp(arg, "off")) 
@@ -3229,11 +3245,53 @@ bool cpu_mitigations_auto_nosmt(void) return cpu_mitigations =3D=3D CPU_MITIGATIONS_AUTO_NOSMT; } EXPORT_SYMBOL_GPL(cpu_mitigations_auto_nosmt); + +#define DEFINE_ATTACK_VECTOR(opt, v) \ +static int __init v##_parse_cmdline(char *arg) \ +{ \ + if (!strcmp(arg, "off")) \ + cpu_mitigate_attack_vectors[v] =3D false; \ + else if (!strcmp(arg, "on")) \ + cpu_mitigate_attack_vectors[v] =3D true; \ + else \ + pr_warn("Unsupported " opt "=3D%s\n", arg); \ + return 0; \ +} \ +early_param(opt, v##_parse_cmdline) + +bool cpu_mitigate_attack_vector(enum cpu_attack_vectors v) +{ + BUG_ON(v >=3D NR_CPU_ATTACK_VECTORS); + return cpu_mitigate_attack_vectors[v]; +} +EXPORT_SYMBOL_GPL(cpu_mitigate_attack_vector); + #else static int __init mitigations_parse_cmdline(char *arg) { pr_crit("Kernel compiled without mitigations, ignoring 'mitigations'; sys= tem may still be vulnerable\n"); return 0; } + +#define DEFINE_ATTACK_VECTOR(opt, v) \ +static int __init v##_parse_cmdline(char *arg) \ +{ \ + pr_crit("Kernel compiled without mitigations, ignoring %s; system may sti= ll be vulnerable\n", opt); \ + return 0; \ +} \ +early_param(opt, v##_parse_cmdline) + +bool cpu_mitigate_attack_vector(enum cpu_attack_vectors v) +{ + return false; +} +EXPORT_SYMBOL_GPL(cpu_mitigate_attack_vector); + #endif early_param("mitigations", mitigations_parse_cmdline); + +DEFINE_ATTACK_VECTOR("mitigate_user_kernel", CPU_MITIGATE_USER_KERNEL); +DEFINE_ATTACK_VECTOR("mitigate_user_user", CPU_MITIGATE_USER_USER); +DEFINE_ATTACK_VECTOR("mitigate_guest_host", CPU_MITIGATE_GUEST_HOST); +DEFINE_ATTACK_VECTOR("mitigate_guest_guest", CPU_MITIGATE_GUEST_GUEST); +DEFINE_ATTACK_VECTOR("mitigate_cross_thread", CPU_MITIGATE_CROSS_THREAD); --=20 2.34.1
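Review bot: In the kernel/cpu.c hunk at -3201, the defaults for CPU_MITIGATE_GUEST_HOST and CPU_MITIGATE_GUEST_GUEST in cpu_mitigate_attack_vectors[] use IS_ENABLED(CONFIG_KVM), which is a build-time test and is true for both =y and =m, while the comment above the array and the documentation in patch 18 say "if KVM support is present". A kernel built with KVM that never runs a guest keeps both guest vectors on, so the comment and the .rst should say the default follows the kernel configuration rather than whether KVM is in use, or the default should be tied to something that reflects actual use.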
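Review bot: In the kernel/cpu.c hunk at -3229, cpu_mitigate_attack_vector() uses BUG_ON(v >= NR_CPU_ATTACK_VECTORS), which brings the machine down for a caller bug in a helper that only answers a yes/no question; WARN_ON_ONCE() with a "return true" fallback would fail towards mitigating instead. The helper also returns the raw array entry without consulting cpu_mitigations, so the rule documented in patch 18 that 'mitigations=off' takes precedence over all attack vector controls holds only if every caller checks cpu_mitigations_off() first; fold that check into the helper or state the requirement in a comment above it. Minor style point: DEFINE_ATTACK_VECTOR pastes the enum constant into the function name, producing CPU_MITIGATE_USER_KERNEL_parse_cmdline and similar upper-case function names.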
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [RFC PATCH 20/34] x86/bugs: Determine relevant vulnerabilities based on attack vector controls. Date: Thu, 12 Sep 2024 14:08:43 -0500 Message-ID: <20240912190857.235849-21-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com> References: <20240912190857.235849-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The function
should_mitigate_vuln() defines which vulnerabilities should be mitigated based on the selected attack vector controls. The selections here are based on the individual characteristics of each vulnerability. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 75 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 334fd2c5251d..a50c7cf2975d 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -287,6 +287,81 @@ static void x86_amd_ssb_disable(void) wrmsrl(MSR_AMD64_LS_CFG, msrval); } =20 +enum vulnerabilities { + SPECTRE_V1, + SPECTRE_V2, + RETBLEED, + SPECTRE_V2_USER, + L1TF, + MDS, + TAA, + MMIO, + RFDS, + SRBDS, + SRSO, + GDS, +}; + +/* + * Returns true if vulnerability should be mitigated based on the + * selected attack vector controls + * + * See Documentation/admin-guide/hw-vuln/attack_vector_controls.rst + */ +static bool __init should_mitigate_vuln(enum vulnerabilities vuln) +{ + switch (vuln) { + /* + * The only spectre_v1 mitigations in the kernel are related to + * SWAPGS protection on kernel entry. Therefore, protection is + * only required for the user->kernel attack vector. + */ + case SPECTRE_V1: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL); + + /* + * Both spectre_v2 and srso may allow user->kernel or + * guest->host attacks through branch predictor manipulation. + */ + case SPECTRE_V2: + case SRSO: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST); + + /* + * spectre_v2_user refers to user->user or guest->guest branch + * predictor attacks only. Other indirect branch predictor attacks + * are covered by the spectre_v2 vulnerability. + */ + case SPECTRE_V2_USER: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST); + + /* L1TF is only possible as a guest->host attack */ + case L1TF: + return cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST); + + /* + * All the vulnerabilities below allow potentially leaking data + * across address spaces. Therefore, mitigation is required for + * any of these 4 attack vectors. 
+ */ + case MDS: + case TAA: + case MMIO: + case RFDS: + case SRBDS: + case GDS: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST) || + cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST); + default: + return false; + } +} + + /* Default mitigation for MDS-affected CPUs */ static enum mds_mitigations mds_mitigation __ro_after_init =3D IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_= OFF; --=20 2.34.1
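Review bot: RETBLEED is declared in enum vulnerabilities but has no case in the switch, so should_mitigate_vuln(RETBLEED) falls through to default and returns false whatever attack vectors are selected. If retbleed is meant to follow the branch predictor reasoning given for SPECTRE_V2 and SRSO, add "case RETBLEED:" to that group; otherwise drop it from the enum. Because default silently answers "do not mitigate", a forgotten case fails open; a WARN_ON_ONCE() in default, or dropping default so that -Wswitch reports unhandled enumerators, would make the next omission visible. The hunk also adds two blank lines before the "Default mitigation for MDS-affected CPUs" comment where one is enough.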
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 21/34] x86/bugs: Add attack vector controls for mds
Date: Thu, 12 Sep 2024 14:08:44 -0500
Message-ID: <20240912190857.235849-22-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Use attack vector controls to
determine if mds mitigation is required. If cross-thread attack mitigations are required, disable SMT. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index a50c7cf2975d..a5fbd7cc9e25 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -414,8 +414,12 @@ static void __init mds_select_mitigation(void) return; } =20 - if (mds_mitigation =3D=3D MDS_MITIGATION_AUTO) - mds_mitigation =3D MDS_MITIGATION_FULL; + if (mds_mitigation =3D=3D MDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(MDS)) + mds_mitigation =3D MDS_MITIGATION_FULL; + else + mds_mitigation =3D MDS_MITIGATION_OFF; + } =20 if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) 
@@ -446,7 +450,8 @@ static void __init mds_apply_mitigation(void) if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) && - (mds_nosmt || cpu_mitigations_auto_nosmt())) + (mds_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD))) cpu_smt_disable(false); } } --=20 2.34.1
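Review bot: the new cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD) term sits inside the "if (mds_mitigation == MDS_MITIGATION_FULL)" block, and in the AUTO path of mds_select_mitigation() FULL is only chosen when should_mitigate_vuln(MDS) is true, which consults the user->kernel, guest->host, user->user and guest->guest vectors but not CROSS_THREAD. Selecting the cross-thread vector on its own therefore resolves AUTO to MDS_MITIGATION_OFF and leaves SMT enabled. If that is intended, say so in the commit message or in a comment at this check; if not, the cross-thread selection needs to feed into the AUTO decision as well.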
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 22/34] x86/bugs: Add attack vector controls for taa
Date: Thu, 12 Sep 2024 14:08:45 -0500
Message-ID: <20240912190857.235849-23-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Use attack vector controls to
determine if taa mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index a5fbd7cc9e25..f042c5595463 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -513,11 +513,17 @@ static void __init taa_select_mitigation(void) if (taa_mitigation =3D=3D TAA_MITIGATION_OFF) return; =20 - /* This handles the AUTO case. */ - if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) - taa_mitigation =3D TAA_MITIGATION_VERW; - else - taa_mitigation =3D TAA_MITIGATION_UCODE_NEEDED; + if (taa_mitigation =3D=3D TAA_MITIGATION_AUTO) { + if (should_mitigate_vuln(TAA)) { + if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) + taa_mitigation =3D TAA_MITIGATION_VERW; + else + taa_mitigation =3D TAA_MITIGATION_UCODE_NEEDED; + } else { + taa_mitigation =3D TAA_MITIGATION_OFF; + return; + } + } =20 /* * VERW doesn't clear the CPU buffers when MD_CLEAR=3D1 and MDS_NO=3D1. 
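Review bot: the MD_CLEAR probe in the added block now runs only when taa_mitigation == TAA_MITIGATION_AUTO, whereas the removed lines ran for every value that got past the TAA_MITIGATION_OFF return. If any path can leave taa_mitigation at TAA_MITIGATION_VERW before this function is called, that value is no longer downgraded to TAA_MITIGATION_UCODE_NEEDED on a CPU without X86_FEATURE_MD_CLEAR. Either keep the probe outside the AUTO check and gate only the should_mitigate_vuln(TAA) decision on AUTO, or state in the commit message why no other value can reach this point. mmio_select_mitigation() in 23/34 has the same shape and deserves the same answer.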
@@ -560,7 +566,8 @@ static void __init taa_apply_mitigation(void) */ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); =20 - if (taa_nosmt || cpu_mitigations_auto_nosmt()) + if (taa_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) cpu_smt_disable(false); } =20 --=20 2.34.1
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 23/34] x86/bugs: Add attack vector controls for mmio
Date: Thu, 12 Sep 2024 14:08:46 -0500
Message-ID: <20240912190857.235849-24-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Use attack vectors controls to
determine if mmio mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index f042c5595463..87ddf0b67d45 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -614,20 +614,26 @@ static void __init mmio_select_mitigation(void) if (mmio_mitigation =3D=3D MMIO_MITIGATION_OFF) return; =20 - /* - * Check if the system has the right microcode. - * - * CPU Fill buffer clear mitigation is enumerated by either an explicit - * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS - * affected systems. - */ - if ((x86_arch_cap_msr & ARCH_CAP_FB_CLEAR) || - (boot_cpu_has(X86_FEATURE_MD_CLEAR) && - boot_cpu_has(X86_FEATURE_FLUSH_L1D) && - !(x86_arch_cap_msr & ARCH_CAP_MDS_NO))) - mmio_mitigation =3D MMIO_MITIGATION_VERW; - else - mmio_mitigation =3D MMIO_MITIGATION_UCODE_NEEDED; + if (mmio_mitigation =3D=3D MMIO_MITIGATION_AUTO) { + if (should_mitigate_vuln(MMIO)) { + /* + * Check if the system has the right microcode. + * + * CPU Fill buffer clear mitigation is enumerated by either an explicit + * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS + * affected systems. + */ + if ((x86_arch_cap_msr & ARCH_CAP_FB_CLEAR) || + (boot_cpu_has(X86_FEATURE_MD_CLEAR) && + boot_cpu_has(X86_FEATURE_FLUSH_L1D) && + !(x86_arch_cap_msr & ARCH_CAP_MDS_NO))) + mmio_mitigation =3D MMIO_MITIGATION_VERW; + else + mmio_mitigation =3D MMIO_MITIGATION_UCODE_NEEDED; + } else { + mmio_mitigation =3D MMIO_MITIGATION_OFF; + } + } } =20 static void __init mmio_update_mitigation(void) 
@@ -675,7 +681,8 @@ static void __init mmio_apply_mitigation(void) if (!(x86_arch_cap_msr & ARCH_CAP_FBSDP_NO)) static_branch_enable(&mds_idle_clear); =20 - if (mmio_nosmt || cpu_mitigations_auto_nosmt()) + if (mmio_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) cpu_smt_disable(false); } =20 --=20 2.34.1
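Review bot: the three-term SMT condition (per-bug nosmt flag || cpu_mitigations_auto_nosmt() || cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) is spelled out here for the third time, after the same additions in mds_apply_mitigation() and taa_apply_mitigation(). A small helper that takes the per-bug nosmt flag would keep the call sites in step the next time the SMT policy changes, and would give one place to document how the cross-thread vector interacts with the command-line nosmt options.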
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 24/34] x86/bugs: Add attack vector controls for rfds
Date: Thu, 12 Sep 2024 14:08:47 -0500
Message-ID: <20240912190857.235849-25-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Use attack vector controls to
determine if rfds mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 87ddf0b67d45..75ac56cd0e21 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -722,8 +722,14 @@ static void __init rfds_select_mitigation(void) if (rfds_mitigation =3D=3D RFDS_MITIGATION_OFF) return; =20 - if (rfds_mitigation =3D=3D RFDS_MITIGATION_AUTO) - rfds_mitigation =3D RFDS_MITIGATION_VERW; + if (rfds_mitigation =3D=3D RFDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(RFDS)) + rfds_mitigation =3D RFDS_MITIGATION_VERW; + else { + rfds_mitigation =3D RFDS_MITIGATION_OFF; + return; + } + } =20 if (!(x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR)) rfds_mitigation =3D RFDS_MITIGATION_UCODE_NEEDED; --=20 2.34.1
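Review bot: Style, in the new RFDS_MITIGATION_AUTO block of rfds_select_mitigation(): the if (should_mitigate_vuln(RFDS)) branch is unbraced while its else branch is braced. Kernel coding style asks for braces on both branches when either one needs them, so brace the if branch as well, which also matches the "} else {" form used in the mmio patch of this series.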
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 25/34] x86/bugs: Add attack vector controls for srbds
Date: Thu, 12 Sep 2024 14:08:48 -0500
Message-ID: <20240912190857.235849-26-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Use attack vector controls to
determine if srbds mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 75ac56cd0e21..d86755218c72 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -840,8 +840,14 @@ static void __init srbds_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_SRBDS)) return; =20 - if (srbds_mitigation =3D=3D SRBDS_MITIGATION_AUTO) - srbds_mitigation =3D SRBDS_MITIGATION_FULL; + if (srbds_mitigation =3D=3D SRBDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(SRBDS)) + srbds_mitigation =3D SRBDS_MITIGATION_FULL; + else { + srbds_mitigation =3D SRBDS_MITIGATION_OFF; + return; + } + } =20 /* * Check to see if this is one of the MDS_NO systems supporting TSX that --=20 2.34.1
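Review bot: In srbds_select_mitigation(), the return in the new else branch leaves the function as soon as SRBDS_MITIGATION_OFF is chosen, so nothing after this block runs, starting with the MDS_NO/TSX check whose comment opens in the trailing context. Please confirm that nothing later in the function is needed for the OFF case, and if something is, restructure so the OFF path still reaches it instead of returning from inside the AUTO block. The changelog should say why skipping the remainder is safe.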
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 26/34] x86/bugs: Add attack vector controls for gds
Date: Thu, 12 Sep 2024 14:08:49 -0500
Message-ID: <20240912190857.235849-27-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Use attack vector controls to
determine if gds mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d86755218c72..5fbf5a274c9f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1001,8 +1001,14 @@ static void __init gds_select_mitigation(void) gds_mitigation =3D GDS_MITIGATION_OFF; /* Will verify below that mitigation _can_ be disabled */ =20 - if (gds_mitigation =3D=3D GDS_MITIGATION_AUTO) - gds_mitigation =3D GDS_MITIGATION_FULL; + if (gds_mitigation =3D=3D GDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(GDS)) + gds_mitigation =3D GDS_MITIGATION_FULL; + else { + gds_mitigation =3D GDS_MITIGATION_OFF; + return; + } + } =20 /* No microcode */ if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL)) { --=20 2.34.1
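Review bot: In gds_select_mitigation(), the leading context sets GDS_MITIGATION_OFF with the comment "Will verify below that mitigation _can_ be disabled", but the new else branch sets the same GDS_MITIGATION_OFF and returns at once, so an OFF chosen through should_mitigate_vuln(GDS) never reaches that verification. Either drop the return so both OFF paths are verified the same way, or explain in the changelog why the attack-vector OFF case does not need it.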
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 27/34] x86/bugs: Add attack vector controls for spectre_v1
Date: Thu, 12 Sep 2024 14:08:50 -0500
Message-ID: <20240912190857.235849-28-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>

Use attack vector controls to
determine if spectre_v1 mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5fbf5a274c9f..d7e154031c93 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1114,6 +1114,9 @@ static void __init spectre_v1_select_mitigation(void) { if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) spectre_v1_mitigation =3D SPECTRE_V1_MITIGATION_NONE; + + if (!should_mitigate_vuln(SPECTRE_V1)) + spectre_v1_mitigation =3D SPECTRE_V1_MITIGATION_NONE; } =20 static void __init spectre_v1_apply_mitigation(void) --=20 2.34.1
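Review bot: the added `if (!should_mitigate_vuln(SPECTRE_V1))` in spectre_v1_select_mitigation() assigns the same SPECTRE_V1_MITIGATION_NONE as the check directly above it, so the two can be a single condition: `if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off() || !should_mitigate_vuln(SPECTRE_V1))`. Unlike the retbleed change in 28/34, which consults the attack vectors only in the RETBLEED_MITIGATION_AUTO case, this check is unconditional. If that is intended, a one-line comment saying so, and a commit message that names which attack vectors cover spectre_v1, would help anyone auditing why the mitigation ended up off.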
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 28/34] x86/bugs: Add attack vector controls for retbleed
Date: Thu, 12 Sep 2024 14:08:51 -0500
Message-ID: <20240912190857.235849-29-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
Content-Transfer-Encoding: quoted-printable

Use attack vector controls to
determine if retbleed mitigation is required. Disable SMT if cross-thread protection is desired and STIBP is not available. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d7e154031c93..2659feb33090 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1270,13 +1270,17 @@ static void __init retbleed_select_mitigation(void) } =20 if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_AUTO) { - if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || - boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON) { - if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) - retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; - else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY) && - boot_cpu_has(X86_FEATURE_IBPB)) - retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; + if (should_mitigate_vuln(RETBLEED)) { + if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || + boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON) { + if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) + retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; + else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY) && + boot_cpu_has(X86_FEATURE_IBPB)) + retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; + } + } else { + retbleed_mitigation =3D RETBLEED_MITIGATION_NONE; } } } 
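Review bot: in retbleed_select_mitigation(), wrapping the vendor block in `if (should_mitigate_vuln(RETBLEED)) { ... } else { ... }` re-indents seven otherwise unchanged lines and adds another nesting level. Testing the negative case first (set RETBLEED_MITIGATION_NONE when `!should_mitigate_vuln(RETBLEED)`, then `else if` on the existing vendor check) would leave those lines untouched and make the diff easier to audit. There is also an asymmetry inside the AUTO case: when the vectors say no, the result is RETBLEED_MITIGATION_NONE, but when they say yes and neither vendor nor config branch matches, the value stays RETBLEED_MITIGATION_AUTO as before. Worth confirming that the code after this hunk expects both outcomes.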
@@ -1354,7 +1358,8 @@ static void __init retbleed_apply_mitigation(void) } =20 if (mitigate_smt && !boot_cpu_has(X86_FEATURE_STIBP) && - (retbleed_nosmt || cpu_mitigations_auto_nosmt())) + (retbleed_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD))) cpu_smt_disable(false); =20 } --=20 2.34.1
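Review bot: the new `cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)` term in retbleed_apply_mitigation() lets an attack-vector setting reach cpu_smt_disable(false), which until now required retbleed_nosmt or cpu_mitigations_auto_nosmt(). The commit message mentions this, but nothing in the hunk shows whether the cross-thread vector is on by default; if it is, parts without STIBP would lose SMT on a default boot. Please state the default in the commit message and add a comment at this condition, since losing sibling threads is a side effect operators need to be able to trace back to a specific setting.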
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 29/34] x86/bugs: Add attack vector controls for spectre_v2_user
Date: Thu, 12 Sep 2024 14:08:52 -0500
Message-ID: <20240912190857.235849-30-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
Content-Transfer-Encoding: quoted-printable

Use attack vector controls to
determine if spectre_v2_user mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 2659feb33090..9859f650f25f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1530,6 +1530,13 @@ spectre_v2_user_select_mitigation(void) spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT; break; case SPECTRE_V2_USER_CMD_AUTO: + if (should_mitigate_vuln(SPECTRE_V2_USER)) { + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; + } else { + return; + } + break; case SPECTRE_V2_USER_CMD_PRCTL: spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; --=20 2.34.1
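Review bot: the new SPECTRE_V2_USER_CMD_AUTO body repeats the two SPECTRE_V2_USER_PRCTL assignments of the SPECTRE_V2_USER_CMD_PRCTL case directly below it, which AUTO reached by fall-through before this change. An early `if (!should_mitigate_vuln(SPECTRE_V2_USER)) return;` followed by `fallthrough;` would keep a single copy. The bare `return` also leaves spectre_v2_user_ibpb and spectre_v2_user_stibp at whatever they held on entry and skips everything after the switch; setting them explicitly, or adding a comment that states the expected initial value, would make the no-mitigation path auditable from this function alone.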
header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="xTWOp/or" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=S0Ai65fm576D29jz5U+ZFqmUvYhj6rWKoxbzS/RMe577W+NMGT4dyWxENy4N5i5pqyLiRO4n6IdIQX/Igol8/70yRhnmL0PXv/10ufZx2rnb2vCeBpk7ldcABMrFJplGibknLUPlTbWPX+2fC8X7lRXiAfNAI9nz4fTDVTo18vVQl+N3Us6TR7P2EmiC0uIXn/IRBTJCYDTYeHIWy8BhnAf3pqaeyFtdQCyYyTe4hD3dISwLzP9TyEDnZlYCj/zpnD4obCYKQTOg0oK5oAWgzz/GQ7IqTfZJVqQoNdwhjDJ8eEViwttarjKgOn4x05fn+X040mqy11281/9YKaC2Ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MElgMgFEg4lzSb3D2VlJ2+nJ7ViC2FBR7RrdsaF90pk=; b=qwSKQCBtSuGbwgzeJl9wL7bdgUBxq+F7xYNmpMqYfeRsg9bxuS7LS8S6elkHHHTJ3UdxrDbsfmpRDQShCCaGgRyQRj8PxcDy/4NKWk2LIRO4kz4Rgwb7jUMzHZGplatdebV0bX0bL+JAmc7La5joxpa/KSGHynT01KQKUPPs0Wx3ljl8L2nxtknPLEuSsB9O1NmJZHhuiTvpSVdgDZNR7PcCNNFkbyltBnTbxpVRJSc7++jf+49AkVfyBxgz7t6PPLuI2C1bJpI5G4ZDLfucyWJZTFGbCbOrIRReNFbs9/uz2uxKmhwN1thS6cnMsoWSrGCmyzpkQb2mOtiCEpcD2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MElgMgFEg4lzSb3D2VlJ2+nJ7ViC2FBR7RrdsaF90pk=; b=xTWOp/orvAWTW2d8rQIS9ZJObhRTgjfWUceBkGi6CEz/zeLG9I1qyGVwRbWYfKzlJ1P3JXegeQWqrtFoat4aeT0fb7MQ4uevXLkHK0Hz3I2fG9MhdtoJwkzld4nTFDvNN4jN3yj3TXcDxPxDH0btoQ1lY31iCW8+JHKQeccL+WM= Received: from 
BY3PR10CA0014.namprd10.prod.outlook.com (2603:10b6:a03:255::19) by MN2PR12MB4239.namprd12.prod.outlook.com (2603:10b6:208:1d2::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.18; Thu, 12 Sep 2024 19:09:28 +0000 Received: from SJ1PEPF00002314.namprd03.prod.outlook.com (2603:10b6:a03:255:cafe::98) by BY3PR10CA0014.outlook.office365.com (2603:10b6:a03:255::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Thu, 12 Sep 2024 19:09:25 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002314.mail.protection.outlook.com (10.167.242.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Thu, 12 Sep 2024 19:09:25 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 12 Sep 2024 14:09:22 -0500 
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 30/34] x86/bugs: Add attack vector controls for bhi
Date: Thu, 12 Sep 2024 14:08:53 -0500
Message-ID: <20240912190857.235849-31-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

There are two BHI mitigations,
one for SYSCALL and one for VMEXIT. Split these up so they can be selected individually based on attack vector. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 9859f650f25f..cc26f5680523 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1858,8 +1858,9 @@ static bool __init spec_ctrl_bhi_dis(void) enum bhi_mitigations { BHI_MITIGATION_OFF, BHI_MITIGATION_AUTO, - BHI_MITIGATION_ON, - BHI_MITIGATION_VMEXIT_ONLY, + BHI_MITIGATION_FULL, + BHI_MITIGATION_VMEXIT, + BHI_MITIGATION_SYSCALL }; =20 static enum bhi_mitigations bhi_mitigation __ro_after_init =3D @@ -1873,9 +1874,9 @@ static int __init spectre_bhi_parse_cmdline(char *str) if (!strcmp(str, "off")) bhi_mitigation =3D BHI_MITIGATION_OFF; else if (!strcmp(str, "on")) - bhi_mitigation =3D BHI_MITIGATION_ON; + bhi_mitigation =3D BHI_MITIGATION_FULL; else if (!strcmp(str, "vmexit")) - bhi_mitigation =3D BHI_MITIGATION_VMEXIT_ONLY; + bhi_mitigation =3D BHI_MITIGATION_VMEXIT; else pr_err("Ignoring unknown spectre_bhi option (%s)", str); =20 @@ -1891,8 +1892,17 @@ static void __init bhi_select_mitigation(void) if (bhi_mitigation =3D=3D BHI_MITIGATION_OFF) return; =20 - if (bhi_mitigation =3D=3D BHI_MITIGATION_AUTO) - bhi_mitigation =3D BHI_MITIGATION_ON; + if (bhi_mitigation =3D=3D BHI_MITIGATION_AUTO) { + if (cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL)) { + if (cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST)) + bhi_mitigation =3D BHI_MITIGATION_FULL; + else + bhi_mitigation =3D BHI_MITIGATION_SYSCALL; + } else if (cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST)) + bhi_mitigation =3D BHI_MITIGATION_VMEXIT; + else + bhi_mitigation =3D BHI_MITIGATION_OFF; + } } =20 static void __init bhi_apply_mitigation(void) 
@@ -1915,15 +1925,19 @@ static void __init bhi_apply_mitigation(void) if (!IS_ENABLED(CONFIG_X86_64)) return; =20 - if (bhi_mitigation =3D=3D BHI_MITIGATION_VMEXIT_ONLY) { - pr_info("Spectre BHI mitigation: SW BHB clearing on VM exit only\n"); + /* Mitigate KVM if guest->host protection is desired */ + if (bhi_mitigation =3D=3D BHI_MITIGATION_FULL || + bhi_mitigation =3D=3D BHI_MITIGATION_VMEXIT) { setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT); - return; + pr_info("Spectre BHI mitigation: SW BHB clearing on VM exit\n"); } =20 - pr_info("Spectre BHI mitigation: SW BHB clearing on syscall and VM exit\n= "); - setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); - setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT); + /* Mitigate syscalls if user->kernel protection is desired */ + if (bhi_mitigation =3D=3D BHI_MITIGATION_FULL || + bhi_mitigation =3D=3D BHI_MITIGATION_SYSCALL) { + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); + pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n"); + } } =20 static void __init spectre_v2_select_mitigation(void) --=20 2.34.1
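Review bot: In the spectre_bhi_parse_cmdline() hunk the new BHI_MITIGATION_SYSCALL value has no matching option string: only "off", "on" and "vmexit" are parsed, so syscall-only clearing can be reached through the AUTO path alone. Either add an else-if branch for a "syscall" string, documented next to the other spectre_bhi= values, or state in the commit message that the mode is deliberately internal. In the enum itself, BHI_MITIGATION_SYSCALL should keep a trailing comma so the next addition is a one-line diff.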
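Review bot: In the bhi_select_mitigation() hunk the AUTO block can now resolve to BHI_MITIGATION_OFF, but that assignment comes after the function's early "if (bhi_mitigation == BHI_MITIGATION_OFF) return;", so any step bhi_apply_mitigation() takes before its FULL/VMEXIT/SYSCALL checks needs its own OFF test; please confirm it has one. On style, the chain mixes braced and unbraced branches ("} else if (...)" followed by a bare statement and a bare else), and kernel coding style wants braces on every branch once one of them has them.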
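Review bot: In the bhi_apply_mitigation() hunk the FULL case now prints two pr_info lines ("SW BHB clearing on VM exit" and "SW BHB clearing on syscall") where it used to print the single "SW BHB clearing on syscall and VM exit" line, and the "VM exit only" wording is gone. Please mention the message change in the commit log, since anything matching on the old strings will stop matching, or keep a single combined line for FULL.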
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 31/34] x86/bugs: Add attack vector controls for spectre_v2
Date: Thu, 12 Sep 2024 14:08:54 -0500
Message-ID: <20240912190857.235849-32-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Use attack vector controls to
determine if spectre_v2 mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index cc26f5680523..9c920e2b4f33 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1957,13 +1957,15 @@ static void __init spectre_v2_select_mitigation(voi= d) case SPECTRE_V2_CMD_NONE: return; =20 - case SPECTRE_V2_CMD_FORCE: case SPECTRE_V2_CMD_AUTO: + if (!should_mitigate_vuln(SPECTRE_V2)) + break; + fallthrough; + case SPECTRE_V2_CMD_FORCE: if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { mode =3D SPECTRE_V2_EIBRS; break; } - mode =3D spectre_v2_select_retpoline(); break; =20 --=20 2.34.1
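Review bot: In the SPECTRE_V2_CMD_AUTO case, "if (!should_mitigate_vuln(SPECTRE_V2)) break;" leaves the switch and carries on with whatever follows it, while SPECTRE_V2_CMD_NONE just above uses return. If the intent is that no spectre_v2 mitigation is selected at all, return would match the NONE case; if the code after the switch is meant to run with the mode left unset, a short comment saying so would help. The hunk also drops the blank line before "mode = spectre_v2_select_retpoline();", which is unrelated to the change and is better left out.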
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 32/34] x86/bugs: Add attack vector controls for l1tf
Date: Thu, 12 Sep 2024 14:08:55 -0500
Message-ID: <20240912190857.235849-33-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Use attack vector controls to
determine if l1tf mitigation is required. Disable SMT if cross-thread attack vector option is selected. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 9c920e2b4f33..3be3431c20c0 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -2700,10 +2700,15 @@ static void __init l1tf_select_mitigation(void) } =20 if (l1tf_mitigation =3D=3D L1TF_MITIGATION_AUTO) { - if (cpu_mitigations_auto_nosmt()) - l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; - else - l1tf_mitigation =3D L1TF_MITIGATION_FLUSH; + if (!should_mitigate_vuln(L1TF)) + l1tf_mitigation =3D L1TF_MITIGATION_OFF; + else { + if (cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; + else + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH; + } } =20 } --=20 2.34.1
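Review bot: In the AUTO block of l1tf_select_mitigation(), the CPU_MITIGATE_CROSS_THREAD test is only reached when should_mitigate_vuln(L1TF) is true, so selecting the cross-thread vector on its own sets L1TF_MITIGATION_OFF and leaves SMT enabled; the commit message says SMT is disabled when that vector is selected, so please state whether this dependency is intended. The "else { if (...) ... else ... }" nesting can be flattened into an if / else if / else chain, which also removes the unbraced first branch sitting next to a braced else.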
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 33/34] x86/bugs: Add attack vector controls for srso
Date: Thu, 12 Sep 2024 14:08:56 -0500
Message-ID: <20240912190857.235849-34-david.kaplan@amd.com>
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

Use attack vector controls to
determine if srso mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 3be3431c20c0..ddade7d6d539 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -2842,8 +2842,14 @@ static void __init srso_select_mitigation(void) } =20 /* Default mitigation */ - if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) - srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; + if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) { + if (should_mitigate_vuln(SRSO)) + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; + else { + srso_mitigation =3D SRSO_MITIGATION_NONE; + return; + } + } =20 if (has_microcode) { /* --=20 2.34.1
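Review bot: the `return` in the new `else` branch of the `SRSO_MITIGATION_AUTO` block in `srso_select_mitigation()` leaves the function before the `if (has_microcode)` block and everything after it, so any reporting or state setup later in the function is skipped when the attack vector controls pick `SRSO_MITIGATION_NONE`. If the function has a common exit path, jump to it instead of returning; otherwise the commit message should say why nothing after this point is needed in the unmitigated case. On style, the kernel coding style asks for braces on both branches when either branch needs them, so the `if (should_mitigate_vuln(SRSO))` arm should be braced too. The `/* Default mitigation */` comment could also mention that the default now depends on the attack vector controls.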
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [RFC PATCH 34/34] x86/pti: Add attack vector controls for pti
Date: Thu, 12 Sep 2024 14:08:57 -0500
Message-ID: <20240912190857.235849-35-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240912190857.235849-1-david.kaplan@amd.com>
References: <20240912190857.235849-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Disable PTI mitigation if
user->kernel attack vector mitigations are disabled. Signed-off-by: David Kaplan --- arch/x86/mm/pti.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 851ec8f1363a..9e1ed3df04e8 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -94,7 +94,8 @@ void __init pti_check_boottime_disable(void) if (pti_mode =3D=3D PTI_FORCE_ON) pti_print_if_secure("force enabled on command line."); =20 - if (pti_mode =3D=3D PTI_AUTO && !boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) + if (pti_mode =3D=3D PTI_AUTO && (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN) = || + !cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL))) return; =20 setup_force_cpu_cap(X86_FEATURE_PTI); --=20 2.34.1
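Review bot: on a CPU with `X86_BUG_CPU_MELTDOWN`, the new `!cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL)` term in `pti_check_boottime_disable()` makes the `PTI_AUTO` path return without printing anything, while the `PTI_FORCE_ON` case just above it logs through `pti_print_if_secure()`. A one-line message saying PTI was left off because user->kernel mitigations are disabled would make that decision visible in the boot log. The commit message could also state that the new check applies only when `pti_mode == PTI_AUTO`, so forcing PTI on from the command line still reaches `setup_force_cpu_cap(X86_FEATURE_PTI)`. The combined condition would read more easily as a separate `if` for the attack vector check.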