From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 01/35] x86/bugs: Add X86_BUG_SPECTRE_V2_USER
Date: Wed, 8 Jan 2025 14:24:41 -0600
Message-ID: <20250108202515.385902-2-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

All CPU vulnerabilities with command line options map to a single X86_BUG bit except for Spectre V2 where both the spectre_v2 and spectre_v2_user command line options are related to the same bug. The spectre_v2 command line options mostly relate to user->kernel and guest->host mitigations, while the spectre_v2_user command line options relate to user->user or guest->guest protections.

Define a new X86_BUG bit for spectre_v2_user so each *_select_mitigation() function in bugs.c is related to a unique X86_BUG bit.

Signed-off-by: David Kaplan

--- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kernel/cpu/common.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 508c0dad116b..f77073507647 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -534,4 +534,5 @@ #define X86_BUG_RFDS X86_BUG(1*32 + 2) /* "rfds" CPU is vulnerable to Re= gister File Data Sampling */ #define X86_BUG_BHI X86_BUG(1*32 + 3) /* "bhi" CPU is affected by Branch= History Injection */ #define X86_BUG_IBPB_NO_RET X86_BUG(1*32 + 4) /* "ibpb_no_ret" IBPB om= its return target predictions */ +#define X86_BUG_SPECTRE_V2_USER X86_BUG(1*32 + 5) /* "spectre_v2_user" CP= U is affected by Spectre variant 2 attack between user processes */ #endif /* _ASM_X86_CPUFEATURES_H */ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 7cce91b19fb2..1e80d76dc9c1 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c
@@ -1331,8 +1331,10 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x= 86 *c) =20 setup_force_cpu_bug(X86_BUG_SPECTRE_V1); =20 - if (!cpu_matches(cpu_vuln_whitelist, NO_SPECTRE_V2)) + if (!cpu_matches(cpu_vuln_whitelist, NO_SPECTRE_V2)) { setup_force_cpu_bug(X86_BUG_SPECTRE_V2); + setup_force_cpu_bug(X86_BUG_SPECTRE_V2_USER); + } =20 if (!cpu_matches(cpu_vuln_whitelist, NO_SSB) && !(x86_arch_cap_msr & ARCH_CAP_SSB_NO) && --=20 2.34.1
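
Review bot: In the cpufeatures.h hunk, the quoted "spectre_v2_user" at the start of the comment on X86_BUG_SPECTRE_V2_USER publishes a new entry in the bugs line of /proc/cpuinfo, which is user-visible ABI. The commit message motivates the bit only as internal bookkeeping, one X86_BUG bit per *_select_mitigation() function, and the common.c hunk sets it whenever X86_BUG_SPECTRE_V2 is set, so the new flag would tell userspace nothing that "spectre_v2" does not already. Consider dropping the quoted name from the comment, or say in the commit message why the flag should be exposed.
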
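
Review bot: In the cpu_set_bug_bits() hunk, X86_BUG_SPECTRE_V2_USER is forced under exactly the same cpu_matches(cpu_vuln_whitelist, NO_SPECTRE_V2) test as X86_BUG_SPECTRE_V2, so the two bits can never differ and a later reader may take the second one for a separate hardware property. A short comment above the added setup_force_cpu_bug(X86_BUG_SPECTRE_V2_USER) line, saying the bit exists so the spectre_v2_user command line options have their own X86_BUG bit, would make the intent clear.
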
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 02/35] x86/bugs: Relocate mds/taa/mmio/rfds defines
Date: Wed, 8 Jan 2025 14:24:42 -0600
Message-ID: <20250108202515.385902-3-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Move the mds, taa, mmio, and rfds mitigation enums earlier in the file to prepare for restructuring of these mitigations as they are all inter-related.

No functional change.

Signed-off-by: David Kaplan

--- arch/x86/kernel/cpu/bugs.c | 60 ++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5a505aa65489..bbe4c772e557 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -243,6 +243,37 @@ static const char * const mds_strings[] =3D { [MDS_MITIGATION_VMWERV] =3D "Vulnerable: Clear CPU buffers attempted, no = microcode", }; =20 +enum taa_mitigations { + TAA_MITIGATION_OFF, + TAA_MITIGATION_UCODE_NEEDED, + TAA_MITIGATION_VERW, + TAA_MITIGATION_TSX_DISABLED, +}; + +/* Default mitigation for TAA-affected CPUs */ +static enum taa_mitigations taa_mitigation __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_= OFF; + +enum mmio_mitigations { + MMIO_MITIGATION_OFF, + MMIO_MITIGATION_UCODE_NEEDED, + MMIO_MITIGATION_VERW, +}; + +/* Default mitigation for Processor MMIO Stale Data vulnerabilities */ +static enum mmio_mitigations mmio_mitigation __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MM= IO_MITIGATION_OFF; + +enum rfds_mitigations { + RFDS_MITIGATION_OFF, + RFDS_MITIGATION_VERW, + RFDS_MITIGATION_UCODE_NEEDED, +}; + +/* Default mitigation for Register File Data Sampling */ +static enum rfds_mitigations rfds_mitigation __ro_after_init =3D + IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATI= ON_OFF; + static void __init mds_select_mitigation(void) { if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
@@ -286,16 +317,6 @@ early_param("mds", mds_cmdline); #undef pr_fmt #define pr_fmt(fmt) "TAA: " fmt =20 -enum taa_mitigations { - TAA_MITIGATION_OFF, - TAA_MITIGATION_UCODE_NEEDED, - TAA_MITIGATION_VERW, - TAA_MITIGATION_TSX_DISABLED, -}; - -/* Default mitigation for TAA-affected CPUs */ -static enum taa_mitigations taa_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_= OFF; static bool taa_nosmt __ro_after_init; =20 static const char * const taa_strings[] =3D { @@ -386,15 +407,6 @@ early_param("tsx_async_abort", tsx_async_abort_parse_c= mdline); #undef pr_fmt #define pr_fmt(fmt) "MMIO Stale Data: " fmt =20 -enum mmio_mitigations { - MMIO_MITIGATION_OFF, - MMIO_MITIGATION_UCODE_NEEDED, - MMIO_MITIGATION_VERW, -}; - -/* Default mitigation for Processor MMIO Stale Data vulnerabilities */ -static enum mmio_mitigations mmio_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MM= IO_MITIGATION_OFF; static bool mmio_nosmt __ro_after_init =3D false; =20 static const char * const mmio_strings[] =3D { 
@@ -483,16 +495,6 @@ early_param("mmio_stale_data", mmio_stale_data_parse_c= mdline); #undef pr_fmt #define pr_fmt(fmt) "Register File Data Sampling: " fmt =20 -enum rfds_mitigations { - RFDS_MITIGATION_OFF, - RFDS_MITIGATION_VERW, - RFDS_MITIGATION_UCODE_NEEDED, -}; - -/* Default mitigation for Register File Data Sampling */ -static enum rfds_mitigations rfds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATI= ON_OFF; - static const char * const rfds_strings[] =3D { [RFDS_MITIGATION_OFF] =3D "Vulnerable", [RFDS_MITIGATION_VERW] =3D "Mitigation: Clear Register File", --=20 2.34.1
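
Review bot: In the first bugs.c hunk (@@ -243,6 +243,37 @@), the TAA, MMIO and RFDS enums and their defaults land between mds_strings[] and mds_select_mitigation() with nothing in the code to say why they sit in the MDS section. The reason is given only in the commit message (the four mitigations are inter-related and are about to be restructured); a one-line comment above enum taa_mitigations carrying that reason would keep it with the code.
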
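
Review bot: In the TAA hunk (@@ -286,16 +317,6 @@), taa_mitigation moves up but the context line declaring taa_nosmt stays behind, and the MMIO hunk does the same with mmio_nosmt, so each mitigation's state variables are now split across two places in the file. Either move the *_nosmt variables along with the defaults, or note in the commit message that they are left in place on purpose.
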
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 03/35] x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds
Date: Wed, 8 Jan 2025 14:24:43 -0600
Message-ID: <20250108202515.385902-4-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Content-Type: text/plain; charset="utf-8" Add AUTO mitigations for mds/taa/mmio/rfds to create consistent vulnerability handling. These AUTO mitigations will be turned into the appropriate default mitigations in the _select_mitigation() functions. In a later patch, these will be used with the new attack vector controls to help select appropriate mitigations. Signed-off-by: David Kaplan --- arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/proces= sor.h index c0cd10182e90..90278d0c071b 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -757,6 +757,7 @@ extern enum l1tf_mitigations l1tf_mitigation; =20 enum mds_mitigations { MDS_MITIGATION_OFF, + MDS_MITIGATION_AUTO, MDS_MITIGATION_FULL, MDS_MITIGATION_VMWERV, }; diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index bbe4c772e557..592d40551432 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -234,7 +234,7 @@ static void x86_amd_ssb_disable(void) =20 /* Default mitigation for MDS-affected CPUs */ static enum mds_mitigations mds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_FULL : MDS_MITIGATION_= OFF; + IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_= OFF; static bool mds_nosmt __ro_after_init =3D false; =20 static const char * const mds_strings[] =3D { @@ -245,6 +245,7 @@ static const char * const mds_strings[] =3D { =20 enum taa_mitigations { TAA_MITIGATION_OFF, + TAA_MITIGATION_AUTO, TAA_MITIGATION_UCODE_NEEDED, TAA_MITIGATION_VERW, TAA_MITIGATION_TSX_DISABLED, 
@@ -252,27 +253,29 @@ enum taa_mitigations { =20 /* Default mitigation for TAA-affected CPUs */ static enum taa_mitigations taa_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_VERW : TAA_MITIGATION_= OFF; + IS_ENABLED(CONFIG_MITIGATION_TAA) ? TAA_MITIGATION_AUTO : TAA_MITIGATION_= OFF; =20 enum mmio_mitigations { MMIO_MITIGATION_OFF, + MMIO_MITIGATION_AUTO, MMIO_MITIGATION_UCODE_NEEDED, MMIO_MITIGATION_VERW, }; =20 /* Default mitigation for Processor MMIO Stale Data vulnerabilities */ static enum mmio_mitigations mmio_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_VERW : MM= IO_MITIGATION_OFF; + IS_ENABLED(CONFIG_MITIGATION_MMIO_STALE_DATA) ? MMIO_MITIGATION_AUTO : MM= IO_MITIGATION_OFF; =20 enum rfds_mitigations { RFDS_MITIGATION_OFF, + RFDS_MITIGATION_AUTO, RFDS_MITIGATION_VERW, RFDS_MITIGATION_UCODE_NEEDED, }; =20 /* Default mitigation for Register File Data Sampling */ static enum rfds_mitigations rfds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATI= ON_OFF; + IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_AUTO : RFDS_MITIGATI= ON_OFF; =20 static void __init mds_select_mitigation(void) { @@ -281,6 +284,9 @@ static void __init mds_select_mitigation(void) return; } =20 + if (mds_mitigation =3D=3D MDS_MITIGATION_AUTO) + mds_mitigation =3D MDS_MITIGATION_FULL; + if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) mds_mitigation =3D MDS_MITIGATION_VMWERV; @@ -510,6 +516,9 @@ static void __init rfds_select_mitigation(void) if (rfds_mitigation =3D=3D RFDS_MITIGATION_OFF) return; =20 + if (rfds_mitigation =3D=3D RFDS_MITIGATION_AUTO) + rfds_mitigation =3D RFDS_MITIGATION_VERW; + if (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR) setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); else 
@@ -1976,6 +1985,7 @@ void cpu_bugs_smt_update(void) =20 switch (mds_mitigation) { case MDS_MITIGATION_FULL: + case MDS_MITIGATION_AUTO: case MDS_MITIGATION_VMWERV: if (sched_smt_active() && !boot_cpu_has(X86_BUG_MSBDS_ONLY)) pr_warn_once(MDS_MSG_SMT); @@ -1987,6 +1997,7 @@ void cpu_bugs_smt_update(void) =20 switch (taa_mitigation) { case TAA_MITIGATION_VERW: + case TAA_MITIGATION_AUTO: case TAA_MITIGATION_UCODE_NEEDED: if (sched_smt_active()) pr_warn_once(TAA_MSG_SMT); 
@@ -1998,6 +2009,7 @@ void cpu_bugs_smt_update(void) =20 switch (mmio_mitigation) { case MMIO_MITIGATION_VERW: + case MMIO_MITIGATION_AUTO: case MMIO_MITIGATION_UCODE_NEEDED: if (sched_smt_active()) pr_warn_once(MMIO_MSG_SMT); --=20 2.34.1
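Review bot: The AUTO-to-default conversion is added only in mds_select_mitigation() and rfds_select_mitigation(), while TAA_MITIGATION_AUTO and MMIO_MITIGATION_AUTO also become the compile-time defaults in the bugs.c hunks above without a matching conversion in this patch. The commit message says all four are turned into defaults in the _select_mitigation() functions, so either add `if (taa_mitigation == TAA_MITIGATION_AUTO)` and the mmio equivalent here, or state in the commit message why taa and mmio need none at this point in the series.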
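Review bot: The `case MDS_MITIGATION_AUTO:`, `case TAA_MITIGATION_AUTO:` and `case MMIO_MITIGATION_AUTO:` labels added to cpu_bugs_smt_update() group AUTO with the active mitigations, yet for mds the value has already been rewritten to FULL or OFF by mds_select_mitigation() in this same patch, so that label looks unreachable. A one-line comment that the labels exist for switch completeness would make the intent clear. Related: the new enumerator is inserted in the middle of enum mds_mitigations and no hunk touches mds_strings[], which is indexed by that enum, so please confirm what mds_strings[MDS_MITIGATION_AUTO] yields if the value is ever printed before selection.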
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 04/35] x86/bugs: Restructure mds mitigation Date: Wed, 8 Jan 2025 14:24:44 -0600 Message-ID: <20250108202515.385902-5-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Restructure mds mitigation selection to use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 70 +++++++++++++++++++++++++++++++++----- 1 file changed, 62 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 592d40551432..ff2d6f2e01f4 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -34,6 +34,25 @@ =20 #include "cpu.h" =20 +/* + * Speculation Vulnerability Handling + * + * Each vulnerability is handled with the following functions: + * _select_mitigation() -- Selects a mitigation to use. This shou= ld + * take into account all relevant command line + * options. + * _update_mitigation() -- This is called after all vulnerabilitie= s have + * selected a mitigation, in case the selection + * may want to change based on other choices + * made. This function is optional. + * _apply_mitigation() -- Enable the selected mitigation. + * + * The compile-time mitigation in all cases should be AUTO. An explicit + * command-line option can override AUTO. If no such option is + * provided, _select_mitigation() will override AUTO to the best + * mitigation option. + */ + static void __init spectre_v1_select_mitigation(void); static void __init spectre_v2_select_mitigation(void); static void __init retbleed_select_mitigation(void); @@ -41,6 +60,8 @@ static void __init spectre_v2_user_select_mitigation(void= ); static void __init ssb_select_mitigation(void); static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); +static void __init mds_update_mitigation(void); +static void __init mds_apply_mitigation(void); static void __init md_clear_update_mitigation(void); static void __init md_clear_select_mitigation(void); static void __init taa_select_mitigation(void); 
@@ -165,6 +186,7 @@ void __init cpu_select_mitigations(void) spectre_v2_user_select_mitigation(); ssb_select_mitigation(); l1tf_select_mitigation(); + mds_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -175,6 +197,14 @@ void __init cpu_select_mitigations(void) */ srso_select_mitigation(); gds_select_mitigation(); + + /* + * After mitigations are selected, some may need to update their + * choices. + */ + mds_update_mitigation(); + + mds_apply_mitigation(); } =20 /* @@ -229,9 +259,6 @@ static void x86_amd_ssb_disable(void) wrmsrl(MSR_AMD64_LS_CFG, msrval); } =20 -#undef pr_fmt -#define pr_fmt(fmt) "MDS: " fmt - /* Default mitigation for MDS-affected CPUs */ static enum mds_mitigations mds_mitigation __ro_after_init =3D IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_= OFF; @@ -277,12 +304,20 @@ enum rfds_mitigations { static enum rfds_mitigations rfds_mitigation __ro_after_init =3D IS_ENABLED(CONFIG_MITIGATION_RFDS) ? RFDS_MITIGATION_AUTO : RFDS_MITIGATI= ON_OFF; =20 +/* Return TRUE if any VERW-based mitigation is enabled. */ +static bool __init verw_mitigation_enabled(void) +{ + return (mds_mitigation !=3D MDS_MITIGATION_OFF || + (taa_mitigation !=3D TAA_MITIGATION_OFF && + taa_mitigation !=3D TAA_MITIGATION_TSX_DISABLED) || + mmio_mitigation !=3D MMIO_MITIGATION_OFF || + rfds_mitigation !=3D RFDS_MITIGATION_OFF); +} + static void __init mds_select_mitigation(void) { - if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) { + if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) mds_mitigation =3D MDS_MITIGATION_OFF; - return; - } =20 if (mds_mitigation =3D=3D MDS_MITIGATION_AUTO) mds_mitigation =3D MDS_MITIGATION_FULL; 
@@ -290,9 +325,29 @@ static void __init mds_select_mitigation(void) if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) mds_mitigation =3D MDS_MITIGATION_VMWERV; + } +} =20 - setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); +static void __init mds_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) + return; + + /* If TAA, MMIO, or RFDS are being mitigated, MDS gets mitigated too. */ + if (verw_mitigation_enabled()) { + if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) + mds_mitigation =3D MDS_MITIGATION_FULL; + else + mds_mitigation =3D MDS_MITIGATION_VMWERV; + } + + pr_info("MDS: %s\n", mds_strings[mds_mitigation]); +} =20 +static void __init mds_apply_mitigation(void) +{ + if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) && (mds_nosmt || cpu_mitigations_auto_nosmt())) cpu_smt_disable(false); 
@@ -595,7 +650,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - mds_select_mitigation(); taa_select_mitigation(); mmio_select_mitigation(); rfds_select_mitigation(); --=20 2.34.1
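Review bot: mds_apply_mitigation() tests only `mds_mitigation == MDS_MITIGATION_FULL`, so the MDS_MITIGATION_VMWERV case no longer reaches setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF) or the SMT-disable check. In the removed code the downgrade to VMWERV happened inside the FULL block and the cap was still forced afterwards; now the downgrade happens earlier, in mds_select_mitigation() and mds_update_mitigation(), so the apply condition should cover both values, e.g. `if (mds_mitigation == MDS_MITIGATION_FULL || mds_mitigation == MDS_MITIGATION_VMWERV)`. If dropping VERW on CPUs without MD_CLEAR is intended, the commit message should say so, since it describes a restructure only.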
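Review bot: verw_mitigation_enabled() counts every value other than OFF as enabled, which includes the new *_AUTO compile-time defaults and the UCODE_NEEDED states, and it also tests mds_mitigation itself. mds_update_mitigation() therefore relies on the taa, mmio and rfds select functions having already forced OFF on CPUs without those bugs; otherwise a leftover AUTO would turn MDS mitigation on even with mds=off. Please document that ordering requirement next to the helper, or compare against the specific VERW-using values instead of `!= ..._OFF`.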
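Review bot: Removing `#undef pr_fmt` / `#define pr_fmt(fmt) "MDS: " fmt` changes the prefix of every pr_*() call between that point and the next pr_fmt definition, not only the one pr_info() in mds_update_mitigation() that now hard-codes "MDS: ". Please check the remaining messages in the MDS section and either keep the define or convert those calls as well.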
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 05/35] x86/bugs: Restructure taa mitigation Date: Wed, 8 Jan 2025 14:24:45 -0600 Message-ID: <20250108202515.385902-6-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Restructure taa mitigation to use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 92 ++++++++++++++++++++++++-------------- 1 file changed, 58 insertions(+), 34 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index ff2d6f2e01f4..7beb2d6c43bb 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -65,6 +65,8 @@ static void __init mds_apply_mitigation(void); static void __init md_clear_update_mitigation(void); static void __init md_clear_select_mitigation(void); static void __init taa_select_mitigation(void); +static void __init taa_update_mitigation(void); +static void __init taa_apply_mitigation(void); static void __init mmio_select_mitigation(void); static void __init srbds_select_mitigation(void); static void __init l1d_flush_select_mitigation(void); @@ -187,6 +189,7 @@ void __init cpu_select_mitigations(void) ssb_select_mitigation(); l1tf_select_mitigation(); mds_select_mitigation(); + taa_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -203,8 +206,10 @@ void __init cpu_select_mitigations(void) * choices. */ mds_update_mitigation(); + taa_update_mitigation(); =20 mds_apply_mitigation(); + taa_apply_mitigation(); } =20 /* @@ -375,9 +380,6 @@ static int __init mds_cmdline(char *str) } early_param("mds", mds_cmdline); =20 -#undef pr_fmt -#define pr_fmt(fmt) "TAA: " fmt - static bool taa_nosmt __ro_after_init; =20 static const char * const taa_strings[] =3D { 
@@ -400,48 +402,71 @@ static void __init taa_select_mitigation(void) return; } =20 - if (cpu_mitigations_off()) { + if (cpu_mitigations_off()) taa_mitigation =3D TAA_MITIGATION_OFF; - return; - } =20 /* * TAA mitigation via VERW is turned off if both * tsx_async_abort=3Doff and mds=3Doff are specified. + * + * MDS mitigation will be checked in taa_update_mitigation(). */ - if (taa_mitigation =3D=3D TAA_MITIGATION_OFF && - mds_mitigation =3D=3D MDS_MITIGATION_OFF) + if (taa_mitigation =3D=3D TAA_MITIGATION_OFF) return; =20 - if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) + /* Microcode will be checked in taa_update_mitigation(). */ + if (taa_mitigation =3D=3D TAA_MITIGATION_AUTO) taa_mitigation =3D TAA_MITIGATION_VERW; - else - taa_mitigation =3D TAA_MITIGATION_UCODE_NEEDED; =20 - /* - * VERW doesn't clear the CPU buffers when MD_CLEAR=3D1 and MDS_NO=3D1. - * A microcode update fixes this behavior to clear CPU buffers. It also - * adds support for MSR_IA32_TSX_CTRL which is enumerated by the - * ARCH_CAP_TSX_CTRL_MSR bit. - * - * On MDS_NO=3D1 CPUs if ARCH_CAP_TSX_CTRL_MSR is not set, microcode - * update is required. - */ - if ( (x86_arch_cap_msr & ARCH_CAP_MDS_NO) && - !(x86_arch_cap_msr & ARCH_CAP_TSX_CTRL_MSR)) - taa_mitigation =3D TAA_MITIGATION_UCODE_NEEDED; +} =20 - /* - * TSX is enabled, select alternate mitigation for TAA which is - * the same as MDS. Enable MDS static branch to clear CPU buffers. - * - * For guests that can't determine whether the correct microcode is - * present on host, enable the mitigation for UCODE_NEEDED as well. - */ - setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); +static void __init taa_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_TAA) || cpu_mitigations_off()) + return; + + if (verw_mitigation_enabled()) + taa_mitigation =3D TAA_MITIGATION_VERW; + + if (taa_mitigation =3D=3D TAA_MITIGATION_VERW) { + /* Check if the requisite ucode is available. 
*/ + if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) + taa_mitigation =3D TAA_MITIGATION_UCODE_NEEDED; + + /* + * VERW doesn't clear the CPU buffers when MD_CLEAR=3D1 and MDS_NO=3D1. + * A microcode update fixes this behavior to clear CPU buffers. It also + * adds support for MSR_IA32_TSX_CTRL which is enumerated by the + * ARCH_CAP_TSX_CTRL_MSR bit. + * + * On MDS_NO=3D1 CPUs if ARCH_CAP_TSX_CTRL_MSR is not set, microcode + * update is required. + */ + if ((x86_arch_cap_msr & ARCH_CAP_MDS_NO) && + !(x86_arch_cap_msr & ARCH_CAP_TSX_CTRL_MSR)) + taa_mitigation =3D TAA_MITIGATION_UCODE_NEEDED; + } + + pr_info("TAA: %s\n", taa_strings[taa_mitigation]); +} + +static void __init taa_apply_mitigation(void) +{ + if (taa_mitigation =3D=3D TAA_MITIGATION_VERW || + taa_mitigation =3D=3D TAA_MITIGATION_UCODE_NEEDED) { + /* + * TSX is enabled, select alternate mitigation for TAA which is + * the same as MDS. Enable MDS static branch to clear CPU buffers. + * + * For guests that can't determine whether the correct microcode is + * present on host, enable the mitigation for UCODE_NEEDED as well. + */ + setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); + + if (taa_nosmt || cpu_mitigations_auto_nosmt()) + cpu_smt_disable(false); + } =20 - if (taa_nosmt || cpu_mitigations_auto_nosmt()) - cpu_smt_disable(false); } =20 static int __init tsx_async_abort_parse_cmdline(char *str) 
@@ -650,7 +675,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - taa_select_mitigation(); mmio_select_mitigation(); rfds_select_mitigation(); =20 --=20 2.34.1
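Review bot: taa_update_mitigation() sets `taa_mitigation = TAA_MITIGATION_VERW` whenever verw_mitigation_enabled() is true, without first checking for TAA_MITIGATION_TSX_DISABLED. The helper excludes TSX_DISABLED only from its own taa term, so with MDS, MMIO or RFDS mitigated it still returns true and a TSX-disabled system gets rewritten to VERW, which changes the reported state and lets taa_apply_mitigation() act on taa_nosmt. Add an early return for TSX_DISABLED (or for CPUs without TSX) before the override. Style, same hunk: both taa_select_mitigation() and taa_apply_mitigation() now end with a blank line before the closing brace.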
s=arcselector10001; d=microsoft.com; cv=none; b=hrJoOhbww26T656ZQiEOEWgw/uz/UAqadojimZAy5TI/F2LTLXNMiRoQcXZyulEiXOR4LJ0mmA2EANudWCdURFej655BkkLDHE/h6nYrLFTO0rdn4biDum74hpfR66guB6Sglj25/ZUGbRjXL/e+sMCn24BDTtjjoqzL4yaCWX6i70vDTM0qQavOPfpYSgZFJvjONEzg3EWwtclWzdaS8veP3HBTjd0X7oTANCHNFypV5nOyBQSWDSVGPBx57j17JAQ0nG1y8LPUqgadis5Qp+NwOa0Qi4HpcmJJLPg21CO6yK0VwshPT8TN+zxr1Eym1ZJzlm13HsCffZZMEjJ/Fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LBaXgDJHVEqw39QNDKHOE/ZhB66AwC5aPHy5nWzVdnE=; b=OmJ7qcd+xyVxvNSkQ6U8IAG6deLtMAUyQzLF9uyzwvp6JL+MAS0fNnc1Wf7lN9mGjnxCmOj9WRO5fdCglEQtiYFGsSCOf9G+6EKf+4QcB8syk1ys4kd7wdHdW3s9N65aPoqiMoelea2insPmD7xCBSBdQL4pXwCwJl2Y9XLr2xUAyY9vg31Ior9m0RXOeRsRLqkvWpQXnKKYx4RLqPAqaYFdERIX2u9Ma5WEdV45Lkgv40g0qwFvVUAtiErGTlvjCSwms98tae2XTH1JaXpn0t7XS9YwOlZHSDS9j/KVQx43lpgjZXi8TUiojjNAJqRrzEhe56+PhD4q7cHeeOjDDw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LBaXgDJHVEqw39QNDKHOE/ZhB66AwC5aPHy5nWzVdnE=; b=mOBbGsPSVhxVjCP/pSoKQjPEJ74+1QI7F+eUfN7YN38qp5/MgMBCTqyNultuvYqM8U/Ve6bmPSgLMID/1EMR78Flv5SHCyIBFWZ3Mi40amzzb5eCV/i8aOEue9BeQ81AF/nBv6ASh3ck9Xw4CMWRtqBmt9V+sr93OCS02DItIxA= Received: from BL0PR02CA0103.namprd02.prod.outlook.com (2603:10b6:208:51::44) by BL1PR12MB5876.namprd12.prod.outlook.com (2603:10b6:208:398::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.10; Wed, 8 Jan 2025 
20:25:42 +0000 Received: from DS3PEPF000099DB.namprd04.prod.outlook.com (2603:10b6:208:51:cafe::40) by BL0PR02CA0103.outlook.office365.com (2603:10b6:208:51::44) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8093.26 via Frontend Transport; Wed, 8 Jan 2025 20:25:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DB.mail.protection.outlook.com (10.167.17.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8335.7 via Frontend Transport; Wed, 8 Jan 2025 20:25:41 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 8 Jan 2025 14:25:38 -0600 
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 06/35] x86/bugs: Restructure mmio mitigation Date: Wed, 8 Jan 2025 14:24:46 -0600 Message-ID: <20250108202515.385902-7-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DB:EE_|BL1PR12MB5876:EE_ X-MS-Office365-Filtering-Correlation-Id: 9f70f948-4d66-4de6-8f10-08dd30229f83 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|376014|36860700013|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?p9BSfianmicoaK56kKl8Fst8uQpad8J3P6yRR48higoQUULrRrBdwUh3ktAo?= =?us-ascii?Q?vMe9UWhLyxKD/136C/57mC9HWiqA9Fu8KoLYBlbJsaSxsD0w5DGdaYF7oUi3?= =?us-ascii?Q?Ug7uDg1T+2DPiJmFWjaNL2/GT5jhiWnkWhvvXb9QJVlRNEuM/T1FXIVQBLeA?= =?us-ascii?Q?c4V1eoKu+76VEAY8ztE/p6GuZPGBY1nhjU5786VboiRYXbCTVv+A5F2Yqqd6?= =?us-ascii?Q?u+cRP55Bz0qUFoezyXY6CNckrz+psFyjERxXVKjzEhrk/KxxhmIvGl0SVl2l?= =?us-ascii?Q?zdDk4x2CSuFP+NiOkUVrqpT4t0veuVm6gkKTj/dS50R9O/N2V1ocssHeVp10?= =?us-ascii?Q?0uXwdT+TmniRCqOIhSIC7DmFGXUBP418SasP2cxBpcavXDzNJHa24B+PgKuv?= =?us-ascii?Q?tm+TLlqydWyNuowJk+1igF1SRVHu4x7rj1xpdmmx8KR+1xdNMV8yNY6LHsVr?= =?us-ascii?Q?Dh3pYN5ygMozs3T/ZlRCfRD3uwgpKvRCgVrZ0rHHC3Q1Nk6zsnGn2SWDHUQL?= =?us-ascii?Q?BGb11Hr5+8vkgXO5BQp/XIZHvbFVYvdpeakoqZuKIdrfLXnWSQR8QSFbwICS?= =?us-ascii?Q?6mXQiOHXyhFvOvJ7ys9qIn9XIkSMUSJ1wtoDRJn/4eJUD+SK57VXywm5FKUG?= 
=?us-ascii?Q?lkyAGFt/F81l5OEGD2aMeDEwMga65yfzaeCDbyLkHpQxG9Xq+NToVPtJQQtG?= =?us-ascii?Q?ADkzGisAUNQG2/uCWexbSIpiXdfByDmYrMS9/Me9ggq5SB9bt+F+j/QiqFH6?= =?us-ascii?Q?TiGZYn3iz+Y2pa8ilbU92QFRL4vVf9B405YnpAxk46VckxdVEfPROp+ShiHV?= =?us-ascii?Q?xdpE2cgbm2+AhlEhbliJz+mEEk0wBQak/vRkBTvPMzxT5KdJgTaxeeHdBiXf?= =?us-ascii?Q?o8+2qSQqNdgR/8r5doHfLYGB8NCWGsIPGDqkgzOI5cdepb1su1D1yFaYaTA3?= =?us-ascii?Q?VOsOCbuI2WzGhDwx1XI7v1iKvK7sO7BfUDqVur/Gug/5/lIa/RjOxUUzan1F?= =?us-ascii?Q?u7EV+a2Ce4m4FqHMn7vcQy3piDORK/xETSnfwJpNrE4ug93I0494+KxTu28Y?= =?us-ascii?Q?qY/hGq13tH9+ahURCBqsU5InXwomEYt3M2Xu8mFpsmEUe4igXzmECnWeCPx8?= =?us-ascii?Q?SSsstwxYuLbwSgThnwIo+U4G8wS+TK+RFlzCfzl8OA5CFR6mH4oxLOT1eAO8?= =?us-ascii?Q?Vds0VZLcqEl8eRl/VbdGnk8UJADJU4jJupwoBdW54onIjN7iz5UgaZwv+BD4?= =?us-ascii?Q?o7+mssGMJwqLPqJs5ZNHIdKj3vNi4hPD9oBuLwKOlitSoTCO7sUoJxnzGT6a?= =?us-ascii?Q?8oIXw6h36Wr/d5aktoytrWTuEa9RK7kIPPbECHTw9ugvJfOmylW4KZK/KByO?= =?us-ascii?Q?K4BfnZ3TVFg6oAJYi96Z/7JQKODidCcnHhcZxsM+npD2GV4UwUddNqmcU+IB?= =?us-ascii?Q?rQ+NOj/1IO+4LpkrEpWG3Nb9ucaKkJFwSnRwJGfAoDDuTxkhfVxHEalMTnZB?= =?us-ascii?Q?2ng16zFLXvl3AnI=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(376014)(36860700013)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2025 20:25:41.8761 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9f70f948-4d66-4de6-8f10-08dd30229f83 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DB.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5876 
Content-Type: text/plain; charset="utf-8" Restructure mmio mitigation to use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 60 ++++++++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 16 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 7beb2d6c43bb..a8da097ab2d5 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -68,6 +68,8 @@ static void __init taa_select_mitigation(void); static void __init taa_update_mitigation(void); static void __init taa_apply_mitigation(void); static void __init mmio_select_mitigation(void); +static void __init mmio_update_mitigation(void); +static void __init mmio_apply_mitigation(void); static void __init srbds_select_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); @@ -190,6 +192,7 @@ void __init cpu_select_mitigations(void) l1tf_select_mitigation(); mds_select_mitigation(); taa_select_mitigation(); + mmio_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -207,9 +210,11 @@ void __init cpu_select_mitigations(void) */ mds_update_mitigation(); taa_update_mitigation(); + mmio_update_mitigation(); =20 mds_apply_mitigation(); taa_apply_mitigation(); + mmio_apply_mitigation(); } =20 /* 
@@ -510,6 +515,45 @@ static void __init mmio_select_mitigation(void) return; } =20 + if (mmio_mitigation =3D=3D MMIO_MITIGATION_OFF) + return; + + /* Microcode will be checked in mmio_update_mitigation(). */ + if (mmio_mitigation =3D=3D MMIO_MITIGATION_AUTO) + mmio_mitigation =3D MMIO_MITIGATION_VERW; + +} + +static void __init mmio_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) || cpu_mitigations_off()) + return; + + if (verw_mitigation_enabled()) + mmio_mitigation =3D MMIO_MITIGATION_VERW; + + if (mmio_mitigation =3D=3D MMIO_MITIGATION_VERW) { + /* + * Check if the system has the right microcode. + * + * CPU Fill buffer clear mitigation is enumerated by either an explicit + * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS + * affected systems. + */ + if (!((x86_arch_cap_msr & ARCH_CAP_FB_CLEAR) || + (boot_cpu_has(X86_FEATURE_MD_CLEAR) && + boot_cpu_has(X86_FEATURE_FLUSH_L1D) && + !(x86_arch_cap_msr & ARCH_CAP_MDS_NO)))) + mmio_mitigation =3D MMIO_MITIGATION_UCODE_NEEDED; + } + + pr_info("%s\n", mmio_strings[mmio_mitigation]); + if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) + pr_info("Unknown: No mitigations\n"); +} + +static void __init mmio_apply_mitigation(void) +{ if (mmio_mitigation =3D=3D MMIO_MITIGATION_OFF) return; =20 
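Review bot: the "Unknown: No mitigations" message at the end of mmio_update_mitigation() can no longer be reached on the CPUs it is meant for. The function returns at the top when !boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA), so the boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) check only runs when MMIO_STALE_DATA is also set, and in that case it prints in addition to the mmio_strings[] line. The code this replaces in md_clear_update_mitigation() printed it from an `else if`, that is, only when MMIO_STALE_DATA was not set. Suggest handling X86_BUG_MMIO_UNKNOWN before the early return and keeping it exclusive with the regular status line.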
@@ -538,21 +582,6 @@ static void __init mmio_select_mitigation(void) if (!(x86_arch_cap_msr & ARCH_CAP_FBSDP_NO)) static_branch_enable(&mds_idle_clear); =20 - /* - * Check if the system has the right microcode. - * - * CPU Fill buffer clear mitigation is enumerated by either an explicit - * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS - * affected systems. - */ - if ((x86_arch_cap_msr & ARCH_CAP_FB_CLEAR) || - (boot_cpu_has(X86_FEATURE_MD_CLEAR) && - boot_cpu_has(X86_FEATURE_FLUSH_L1D) && - !(x86_arch_cap_msr & ARCH_CAP_MDS_NO))) - mmio_mitigation =3D MMIO_MITIGATION_VERW; - else - mmio_mitigation =3D MMIO_MITIGATION_UCODE_NEEDED; - if (mmio_nosmt || cpu_mitigations_auto_nosmt()) cpu_smt_disable(false); } 
@@ -675,7 +704,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - mmio_select_mitigation(); rfds_select_mitigation(); =20 /* --=20 2.34.1
From nobody Fri Dec 19 17:20:07 2025
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 07/35] x86/bugs: Restructure rfds mitigation
Date: Wed, 8 Jan 2025 14:24:47 -0600
Message-ID: <20250108202515.385902-8-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Restructure rfds mitigation to use select/update/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index a8da097ab2d5..871b9f93b714 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -70,6 +70,9 @@ static void __init taa_apply_mitigation(void); static void __init mmio_select_mitigation(void); static void __init mmio_update_mitigation(void); static void __init mmio_apply_mitigation(void); +static void __init rfds_select_mitigation(void); +static void __init rfds_update_mitigation(void); +static void __init rfds_apply_mitigation(void); static void __init srbds_select_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); @@ -193,6 +196,7 @@ void __init cpu_select_mitigations(void) mds_select_mitigation(); taa_select_mitigation(); mmio_select_mitigation(); + rfds_select_mitigation(); md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); @@ -211,10 +215,12 @@ void __init cpu_select_mitigations(void) mds_update_mitigation(); taa_update_mitigation(); mmio_update_mitigation(); + rfds_update_mitigation(); =20 mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); + rfds_apply_mitigation(); } =20 /* @@ -607,9 +613,6 @@ static int __init mmio_stale_data_parse_cmdline(char *s= tr) } early_param("mmio_stale_data", mmio_stale_data_parse_cmdline); =20 -#undef pr_fmt -#define pr_fmt(fmt) "Register File Data Sampling: " fmt - static const char * const rfds_strings[] =3D { [RFDS_MITIGATION_OFF] =3D "Vulnerable", [RFDS_MITIGATION_VERW] =3D "Mitigation: Clear Register File", 
@@ -627,11 +630,28 @@ static void __init rfds_select_mitigation(void) =20 if (rfds_mitigation =3D=3D RFDS_MITIGATION_AUTO) rfds_mitigation =3D RFDS_MITIGATION_VERW; +} =20 - if (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR) +static void __init rfds_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_RFDS) || cpu_mitigations_off()) + return; + + if (verw_mitigation_enabled()) + rfds_mitigation =3D RFDS_MITIGATION_VERW; + + if (rfds_mitigation =3D=3D RFDS_MITIGATION_VERW) { + if (!(x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR)) + rfds_mitigation =3D RFDS_MITIGATION_UCODE_NEEDED; + } + + pr_info("Register File Data Sampling: %s\n", rfds_strings[rfds_mitigation= ]); +} + +static void __init rfds_apply_mitigation(void) +{ + if (rfds_mitigation =3D=3D RFDS_MITIGATION_VERW) setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); - else - rfds_mitigation =3D RFDS_MITIGATION_UCODE_NEEDED; } =20 static __init int rfds_parse_cmdline(char *str) 
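Review bot: pr_info() in rfds_update_mitigation() hard-codes the "Register File Data Sampling: " prefix because this patch deletes the section's `#undef pr_fmt` / `#define pr_fmt(fmt) "Register File Data Sampling: " fmt`. With the define gone, every pr_*() call in the RFDS code is formatted with whatever pr_fmt is still in effect from the section above it, so unless that one is empty this line is printed with a second, unrelated prefix in front of the literal one. mmio_update_mitigation() in 06/35 relies on pr_fmt and prints with pr_info("%s\n", ...); suggest doing the same here by keeping the define and dropping the literal prefix from the format string.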
@@ -704,7 +724,6 @@ static void __init md_clear_update_mitigation(void) =20 static void __init md_clear_select_mitigation(void) { - rfds_select_mitigation(); =20 /* * As these mitigations are inter-related and rely on VERW instruction --=20 2.34.1
From nobody Fri Dec 19 17:20:07 2025
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 08/35] x86/bugs: Remove md_clear_*_mitigation()
Date: Wed, 8 Jan 2025 14:24:48 -0600
Message-ID: <20250108202515.385902-9-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" The functionality in md_clear_update_mitigation() and md_clear_select_mitigation() is now integrated into the select/update functions for the MDS, TAA, MMIO, and RFDS vulnerabilities. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 65 -------------------------------------- 1 file changed, 65 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 871b9f93b714..6c6a42b2dfe9 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -62,8 +62,6 @@ static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); static void __init mds_update_mitigation(void); static void __init mds_apply_mitigation(void); -static void __init md_clear_update_mitigation(void); -static void __init md_clear_select_mitigation(void); static void __init taa_select_mitigation(void); static void __init taa_update_mitigation(void); static void __init taa_apply_mitigation(void); @@ -197,7 +195,6 @@ void __init cpu_select_mitigations(void) taa_select_mitigation(); mmio_select_mitigation(); rfds_select_mitigation(); - md_clear_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); =20 
@@ -671,68 +668,6 @@ static __init int rfds_parse_cmdline(char *str) } early_param("reg_file_data_sampling", rfds_parse_cmdline); =20 -#undef pr_fmt -#define pr_fmt(fmt) "" fmt - -static void __init md_clear_update_mitigation(void) -{ - if (cpu_mitigations_off()) - return; - - if (!boot_cpu_has(X86_FEATURE_CLEAR_CPU_BUF)) - goto out; - - /* - * X86_FEATURE_CLEAR_CPU_BUF is now enabled. Update MDS, TAA and MMIO - * Stale Data mitigation, if necessary. - */ - if (mds_mitigation =3D=3D MDS_MITIGATION_OFF && - boot_cpu_has_bug(X86_BUG_MDS)) { - mds_mitigation =3D MDS_MITIGATION_FULL; - mds_select_mitigation(); - } - if (taa_mitigation =3D=3D TAA_MITIGATION_OFF && - boot_cpu_has_bug(X86_BUG_TAA)) { - taa_mitigation =3D TAA_MITIGATION_VERW; - taa_select_mitigation(); - } - /* - * MMIO_MITIGATION_OFF is not checked here so that mmio_stale_data_clear - * gets updated correctly as per X86_FEATURE_CLEAR_CPU_BUF state. - */ - if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) { - mmio_mitigation =3D MMIO_MITIGATION_VERW; - mmio_select_mitigation(); - } - if (rfds_mitigation =3D=3D RFDS_MITIGATION_OFF && - boot_cpu_has_bug(X86_BUG_RFDS)) { - rfds_mitigation =3D RFDS_MITIGATION_VERW; - rfds_select_mitigation(); - } -out: - if (boot_cpu_has_bug(X86_BUG_MDS)) - pr_info("MDS: %s\n", mds_strings[mds_mitigation]); - if (boot_cpu_has_bug(X86_BUG_TAA)) - pr_info("TAA: %s\n", taa_strings[taa_mitigation]); - if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) - pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]); - else if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) - pr_info("MMIO Stale Data: Unknown: No mitigations\n"); - if (boot_cpu_has_bug(X86_BUG_RFDS)) - pr_info("Register File Data Sampling: %s\n", rfds_strings[rfds_mitigatio= n]); -} - -static void __init md_clear_select_mitigation(void) -{ - - /* - * As these mitigations are inter-related and rely on VERW instruction - * to clear the microarchitural buffers, update and print their status - * after mitigation selection is done 
for each of these vulnerabilities. - */ - md_clear_update_mitigation(); -} - #undef pr_fmt #define pr_fmt(fmt) "SRBDS: " fmt =20 --=20 2.34.1
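Review bot: the deleted md_clear_update_mitigation() in the @@ -671,68 hunk carried three behaviours that a deletion-only patch gives no way to check, and the log should name the earlier patches in the series that took over each one. First, once X86_FEATURE_CLEAR_CPU_BUF was set it promoted MDS, TAA and RFDS from OFF to FULL/VERW, while MMIO was updated without an MMIO_MITIGATION_OFF check on purpose (the removed comment ties this to mmio_stale_data_clear); that asymmetry should survive as a comment in the new MMIO update path. Second, the `else if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN))` branch printed "MMIO Stale Data: Unknown: No mitigations". Third, the early `if (cpu_mitigations_off()) return;` skipped the status prints as well as the updates. Please confirm each is preserved by the per-bug select/update/apply functions, or state the intended change in the commit message.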
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 09/35] x86/bugs: Restructure srbds mitigation
Date: Wed, 8 Jan 2025 14:24:49 -0600
Message-ID: <20250108202515.385902-10-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
Content-Type: text/plain; charset="utf-8" Restructure srbds to use select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for SRBDS. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 6c6a42b2dfe9..fedd693b2218 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -72,6 +72,7 @@ static void __init rfds_select_mitigation(void); static void __init rfds_update_mitigation(void); static void __init rfds_apply_mitigation(void); static void __init srbds_select_mitigation(void); +static void __init srbds_apply_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); static void __init gds_select_mitigation(void); @@ -218,6 +219,7 @@ void __init cpu_select_mitigations(void) taa_apply_mitigation(); mmio_apply_mitigation(); rfds_apply_mitigation(); + srbds_apply_mitigation(); } =20 /* @@ -673,6 +675,7 @@ early_param("reg_file_data_sampling", rfds_parse_cmdlin= e); =20 enum srbds_mitigations { SRBDS_MITIGATION_OFF, + SRBDS_MITIGATION_AUTO, SRBDS_MITIGATION_UCODE_NEEDED, SRBDS_MITIGATION_FULL, SRBDS_MITIGATION_TSX_OFF, @@ -680,7 +683,7 @@ enum srbds_mitigations { }; =20 static enum srbds_mitigations srbds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_SRBDS) ? SRBDS_MITIGATION_FULL : SRBDS_MITIG= ATION_OFF; + IS_ENABLED(CONFIG_MITIGATION_SRBDS) ? SRBDS_MITIGATION_AUTO : SRBDS_MITIG= ATION_OFF; =20 static const char * const srbds_strings[] =3D { [SRBDS_MITIGATION_OFF] =3D "Vulnerable", 
@@ -734,6 +737,9 @@ static void __init srbds_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_SRBDS)) return; =20 + if (srbds_mitigation =3D=3D SRBDS_MITIGATION_AUTO) + srbds_mitigation =3D SRBDS_MITIGATION_FULL; + /* * Check to see if this is one of the MDS_NO systems supporting TSX that * are only exposed to SRBDS when TSX is enabled or when CPU is affected 
@@ -748,6 +754,12 @@ static void __init srbds_select_mitigation(void) srbds_mitigation =3D SRBDS_MITIGATION_UCODE_NEEDED; else if (cpu_mitigations_off() || srbds_off) srbds_mitigation =3D SRBDS_MITIGATION_OFF; +} + +static void __init srbds_apply_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_SRBDS)) + return; =20 update_srbds_msr(); pr_info("%s\n", srbds_strings[srbds_mitigation]); --=20 2.34.1
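Review bot: SRBDS_MITIGATION_AUTO is added to the enum in the @@ -673,6 hunk but srbds_strings[] gets no matching entry (all 13 insertions are accounted for elsewhere), so srbds_strings[SRBDS_MITIGATION_AUTO] is NULL. srbds_select_mitigation() returns on !boot_cpu_has_bug(X86_BUG_SRBDS) before the new AUTO to FULL conversion, so on unaffected CPUs the variable stays at AUTO. The new srbds_apply_mitigation() repeats that early return, which keeps its pr_info() safe, but every other reader of srbds_strings[srbds_mitigation] then needs the same guard. Either add a string for AUTO or a comment saying AUTO is never reported. The commit message should also say what AUTO is for; the diff only shows it becoming the CONFIG_MITIGATION_SRBDS default and being converted to FULL.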
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 10/35] x86/bugs: Restructure gds mitigation
Date: Wed, 8 Jan 2025 14:24:50 -0600
Message-ID: <20250108202515.385902-11-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
Content-Type: text/plain; charset="utf-8" Restructure gds mitigation to use select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for gds. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index fedd693b2218..58ac99b74bd3 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -76,6 +76,7 @@ static void __init srbds_apply_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); static void __init gds_select_mitigation(void); +static void __init gds_apply_mitigation(void); =20 /* The base value of the SPEC_CTRL MSR without task-specific bits set */ u64 x86_spec_ctrl_base; @@ -220,6 +221,7 @@ void __init cpu_select_mitigations(void) mmio_apply_mitigation(); rfds_apply_mitigation(); srbds_apply_mitigation(); + gds_apply_mitigation(); } =20 /* @@ -811,6 +813,7 @@ early_param("l1d_flush", l1d_flush_parse_cmdline); =20 enum gds_mitigations { GDS_MITIGATION_OFF, + GDS_MITIGATION_AUTO, GDS_MITIGATION_UCODE_NEEDED, GDS_MITIGATION_FORCE, GDS_MITIGATION_FULL, @@ -819,7 +822,7 @@ enum gds_mitigations { }; =20 static enum gds_mitigations gds_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_GDS) ? GDS_MITIGATION_FULL : GDS_MITIGATION_= OFF; + IS_ENABLED(CONFIG_MITIGATION_GDS) ? GDS_MITIGATION_AUTO : GDS_MITIGATION_= OFF; =20 static const char * const gds_strings[] =3D { [GDS_MITIGATION_OFF] =3D "Vulnerable", @@ -860,6 +863,7 @@ void update_gds_msr(void) case GDS_MITIGATION_FORCE: case GDS_MITIGATION_UCODE_NEEDED: case GDS_MITIGATION_HYPERVISOR: + case GDS_MITIGATION_AUTO: return; } =20 
@@ -883,13 +887,16 @@ static void __init gds_select_mitigation(void) =20 if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { gds_mitigation =3D GDS_MITIGATION_HYPERVISOR; - goto out; + return; } =20 if (cpu_mitigations_off()) gds_mitigation =3D GDS_MITIGATION_OFF; /* Will verify below that mitigation _can_ be disabled */ =20 + if (gds_mitigation =3D=3D GDS_MITIGATION_AUTO) + gds_mitigation =3D GDS_MITIGATION_FULL; + /* No microcode */ if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL)) { if (gds_mitigation =3D=3D GDS_MITIGATION_FORCE) { @@ -902,7 +909,7 @@ static void __init gds_select_mitigation(void) } else { gds_mitigation =3D GDS_MITIGATION_UCODE_NEEDED; } - goto out; + return; } =20 /* Microcode has mitigation, use it */ 
@@ -923,9 +930,16 @@ static void __init gds_select_mitigation(void) */ gds_mitigation =3D GDS_MITIGATION_FULL_LOCKED; } +} + +static void __init gds_apply_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_GDS)) + return; + + if (x86_arch_cap_msr & ARCH_CAP_GDS_CTRL) + update_gds_msr(); =20 - update_gds_msr(); -out: pr_info("%s\n", gds_strings[gds_mitigation]); } =20 --=20 2.34.1
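Review bot: the two removed `goto out` paths in gds_select_mitigation() skipped update_gds_msr() entirely, whereas the new gds_apply_mitigation() calls it whenever `x86_arch_cap_msr & ARCH_CAP_GDS_CTRL` is set. The no-microcode path is covered by that test, but the X86_FEATURE_HYPERVISOR path is not: a guest that enumerates ARCH_CAP_GDS_CTRL now enters update_gds_msr() with GDS_MITIGATION_HYPERVISOR and depends on that function's switch returning early. The switch in the @@ -860,6 hunk does list HYPERVISOR, FORCE, UCODE_NEEDED and now AUTO as return cases, so the result looks unchanged, but the coupling deserves a comment in gds_apply_mitigation() or a line in the log. Separately, GDS_MITIGATION_AUTO gets no gds_strings[] entry, so the pr_info() here is only safe while AUTO is always resolved before apply runs; a string or a comment stating that invariant would help.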
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 11/35] x86/bugs: Restructure spectre_v1 mitigation
Date: Wed, 8 Jan 2025 14:24:51 -0600
Message-ID: <20250108202515.385902-12-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
Restructure spectre_v1 to use select/apply functions to create consistent vulnerability handling. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 58ac99b74bd3..3d468bd9573f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -54,6 +54,7 @@ */ =20 static void __init spectre_v1_select_mitigation(void); +static void __init spectre_v1_apply_mitigation(void); static void __init spectre_v2_select_mitigation(void); static void __init retbleed_select_mitigation(void); static void __init spectre_v2_user_select_mitigation(void); @@ -216,6 +217,7 @@ void __init cpu_select_mitigations(void) mmio_update_mitigation(); rfds_update_mitigation(); =20 + spectre_v1_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); 
@@ -1000,10 +1002,14 @@ static bool smap_works_speculatively(void) =20 static void __init spectre_v1_select_mitigation(void) { - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) { + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) spectre_v1_mitigation =3D SPECTRE_V1_MITIGATION_NONE; +} + +static void __init spectre_v1_apply_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) return; - } =20 if (spectre_v1_mitigation =3D=3D SPECTRE_V1_MITIGATION_AUTO) { /* --=20 2.34.1
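Review bot: In the last hunk of the spectre_v1 patch (-1000,10 +1002,14), spectre_v1_apply_mitigation() repeats the boot_cpu_has_bug(X86_BUG_SPECTRE_V1) / cpu_mitigations_off() test that spectre_v1_select_mitigation() has already folded into spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE, so the same decision now lives in two places. Consider having apply return early on spectre_v1_mitigation == SPECTRE_V1_MITIGATION_NONE instead, which keeps select as the single decision point and means a later change to the select condition cannot leave apply out of step.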
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 12/35] x86/bugs: Restructure retbleed mitigation
Date: Wed, 8 Jan 2025 14:24:52 -0600
Message-ID: <20250108202515.385902-13-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Restructure retbleed mitigation to use select/update/apply functions to create consistent vulnerability handling. The retbleed_update_mitigation() simplifies the dependency between spectre_v2 and retbleed. The command line options now directly select a preferred mitigation which simplifies the logic. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 170 +++++++++++++++++-------------------- 1 file changed, 77 insertions(+), 93 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 3d468bd9573f..66abc398d5b4 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -57,6 +57,8 @@ static void __init spectre_v1_select_mitigation(void); static void __init spectre_v1_apply_mitigation(void); static void __init spectre_v2_select_mitigation(void); static void __init retbleed_select_mitigation(void); +static void __init retbleed_update_mitigation(void); +static void __init retbleed_apply_mitigation(void); static void __init spectre_v2_user_select_mitigation(void); static void __init ssb_select_mitigation(void); static void __init l1tf_select_mitigation(void); @@ -180,11 +182,6 @@ void __init cpu_select_mitigations(void) /* Select the proper CPU mitigations before patching alternatives: */ spectre_v1_select_mitigation(); spectre_v2_select_mitigation(); - /* - * retbleed_select_mitigation() relies on the state set by - * spectre_v2_select_mitigation(); specifically it wants to know about - * spectre_v2=3Dibrs. - */ retbleed_select_mitigation(); /* * spectre_v2_user_select_mitigation() relies on the state set by 
@@ -212,12 +209,14 @@ void __init cpu_select_mitigations(void) * After mitigations are selected, some may need to update their * choices. */ + retbleed_update_mitigation(); mds_update_mitigation(); taa_update_mitigation(); mmio_update_mitigation(); rfds_update_mitigation(); =20 spectre_v1_apply_mitigation(); + retbleed_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); @@ -1064,6 +1063,7 @@ enum spectre_v2_mitigation spectre_v2_enabled __ro_af= ter_init =3D SPECTRE_V2_NONE; =20 enum retbleed_mitigation { RETBLEED_MITIGATION_NONE, + RETBLEED_MITIGATION_AUTO, RETBLEED_MITIGATION_UNRET, RETBLEED_MITIGATION_IBPB, RETBLEED_MITIGATION_IBRS, @@ -1071,14 +1071,6 @@ enum retbleed_mitigation { RETBLEED_MITIGATION_STUFF, }; =20 -enum retbleed_mitigation_cmd { - RETBLEED_CMD_OFF, - RETBLEED_CMD_AUTO, - RETBLEED_CMD_UNRET, - RETBLEED_CMD_IBPB, - RETBLEED_CMD_STUFF, -}; - static const char * const retbleed_strings[] =3D { [RETBLEED_MITIGATION_NONE] =3D "Vulnerable", [RETBLEED_MITIGATION_UNRET] =3D "Mitigation: untrained return thunk", @@ -1089,9 +1081,7 @@ static const char * const retbleed_strings[] =3D { }; =20 static enum retbleed_mitigation retbleed_mitigation __ro_after_init =3D - RETBLEED_MITIGATION_NONE; -static enum retbleed_mitigation_cmd retbleed_cmd __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_RETBLEED) ? RETBLEED_CMD_AUTO : RETBLEED_CMD= _OFF; + IS_ENABLED(CONFIG_MITIGATION_RETBLEED) ? RETBLEED_MITIGATION_AUTO : RETBL= EED_MITIGATION_NONE; =20 static int __ro_after_init retbleed_nosmt =3D false; =20 
@@ -1108,15 +1098,15 @@ static int __init retbleed_parse_cmdline(char *str) } =20 if (!strcmp(str, "off")) { - retbleed_cmd =3D RETBLEED_CMD_OFF; + retbleed_mitigation =3D RETBLEED_MITIGATION_NONE; } else if (!strcmp(str, "auto")) { - retbleed_cmd =3D RETBLEED_CMD_AUTO; + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; } else if (!strcmp(str, "unret")) { - retbleed_cmd =3D RETBLEED_CMD_UNRET; + retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; } else if (!strcmp(str, "ibpb")) { - retbleed_cmd =3D RETBLEED_CMD_IBPB; + retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; } else if (!strcmp(str, "stuff")) { - retbleed_cmd =3D RETBLEED_CMD_STUFF; + retbleed_mitigation =3D RETBLEED_MITIGATION_STUFF; } else if (!strcmp(str, "nosmt")) { retbleed_nosmt =3D true; } else if (!strcmp(str, "force")) { 
@@ -1137,53 +1127,38 @@ early_param("retbleed", retbleed_parse_cmdline); =20 static void __init retbleed_select_mitigation(void) { - bool mitigate_smt =3D false; - - if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off()) - return; - - switch (retbleed_cmd) { - case RETBLEED_CMD_OFF: + if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off()) { + retbleed_mitigation =3D RETBLEED_MITIGATION_NONE; return; + } =20 - case RETBLEED_CMD_UNRET: - if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) { - retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; - } else { + switch (retbleed_mitigation) { + case RETBLEED_MITIGATION_UNRET: + if (!IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) { + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; pr_err("WARNING: kernel not compiled with MITIGATION_UNRET_ENTRY.\n"); - goto do_cmd_auto; } break; - - case RETBLEED_CMD_IBPB: + case RETBLEED_MITIGATION_IBPB: if (!boot_cpu_has(X86_FEATURE_IBPB)) { pr_err("WARNING: CPU does not support IBPB.\n"); - goto do_cmd_auto; - } else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { - retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; - } else { + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; + } else if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); - goto do_cmd_auto; + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; } break; - - case RETBLEED_CMD_STUFF: - if (IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING) && - spectre_v2_enabled =3D=3D SPECTRE_V2_RETPOLINE) { - retbleed_mitigation =3D RETBLEED_MITIGATION_STUFF; - - } else { - if (IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING)) - pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n"= ); - else - pr_err("WARNING: kernel not compiled with MITIGATION_CALL_DEPTH_TRACKI= NG.\n"); - - goto do_cmd_auto; + case RETBLEED_MITIGATION_STUFF: + if (!IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING)) { + pr_err("WARNING: kernel not compiled with 
MITIGATION_CALL_DEPTH_TRACKIN= G.\n"); + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; } break; + default: + break; + } =20 -do_cmd_auto: - case RETBLEED_CMD_AUTO: + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_AUTO) { if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON) { if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) 
@@ -1192,17 +1167,57 @@ static void __init retbleed_select_mitigation(void) boot_cpu_has(X86_FEATURE_IBPB)) retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; } + } +} =20 - /* - * The Intel mitigation (IBRS or eIBRS) was already selected in - * spectre_v2_select_mitigation(). 'retbleed_mitigation' will - * be set accordingly below. - */ +static void __init retbleed_update_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_RETBLEED) || cpu_mitigations_off()) + return; =20 - break; + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_NONE) + goto out; + /* + * Let IBRS trump all on Intel without affecting the effects of the + * retbleed=3D cmdline option except for call depth based stuffing + */ + if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { + switch (spectre_v2_enabled) { + case SPECTRE_V2_IBRS: + retbleed_mitigation =3D RETBLEED_MITIGATION_IBRS; + break; + case SPECTRE_V2_EIBRS: + case SPECTRE_V2_EIBRS_RETPOLINE: + case SPECTRE_V2_EIBRS_LFENCE: + retbleed_mitigation =3D RETBLEED_MITIGATION_EIBRS; + break; + default: + if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF) + pr_err(RETBLEED_INTEL_MSG); + } } =20 + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_STUFF) { + if (spectre_v2_enabled !=3D SPECTRE_V2_RETPOLINE) { + pr_err("WARNING: retbleed=3Dstuff depends on spectre_v2=3Dretpoline\n"); + retbleed_mitigation =3D RETBLEED_MITIGATION_AUTO; + /* Try again */ + retbleed_select_mitigation(); + } + } +out: + pr_info("%s\n", retbleed_strings[retbleed_mitigation]); +} + + +static void __init retbleed_apply_mitigation(void) +{ + bool mitigate_smt =3D false; + switch (retbleed_mitigation) { + case RETBLEED_MITIGATION_NONE: + return; + case RETBLEED_MITIGATION_UNRET: setup_force_cpu_cap(X86_FEATURE_RETHUNK); setup_force_cpu_cap(X86_FEATURE_UNRET); 
@@ -1254,27 +1269,6 @@ static void __init retbleed_select_mitigation(void) (retbleed_nosmt || cpu_mitigations_auto_nosmt())) cpu_smt_disable(false); =20 - /* - * Let IBRS trump all on Intel without affecting the effects of the - * retbleed=3D cmdline option except for call depth based stuffing - */ - if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { - switch (spectre_v2_enabled) { - case SPECTRE_V2_IBRS: - retbleed_mitigation =3D RETBLEED_MITIGATION_IBRS; - break; - case SPECTRE_V2_EIBRS: - case SPECTRE_V2_EIBRS_RETPOLINE: - case SPECTRE_V2_EIBRS_LFENCE: - retbleed_mitigation =3D RETBLEED_MITIGATION_EIBRS; - break; - default: - if (retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF) - pr_err(RETBLEED_INTEL_MSG); - } - } - - pr_info("%s\n", retbleed_strings[retbleed_mitigation]); } =20 #undef pr_fmt @@ -1827,16 +1821,6 @@ static void __init spectre_v2_select_mitigation(void) break; } =20 - if (IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY) && - boot_cpu_has_bug(X86_BUG_RETBLEED) && - retbleed_cmd !=3D RETBLEED_CMD_OFF && - retbleed_cmd !=3D RETBLEED_CMD_STUFF && - boot_cpu_has(X86_FEATURE_IBRS) && - boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { - mode =3D SPECTRE_V2_IBRS; - break; - } - mode =3D spectre_v2_select_retpoline(); break; =20 
@@ -1979,7 +1963,7 @@ static void __init spectre_v2_select_mitigation(void) (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON)) { =20 - if (retbleed_cmd !=3D RETBLEED_CMD_IBPB) { + if (retbleed_mitigation !=3D RETBLEED_MITIGATION_IBPB) { setup_force_cpu_cap(X86_FEATURE_USE_IBPB_FW); pr_info("Enabling Speculation Barrier for firmware calls\n"); } --=20 2.34.1
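Review bot: RETBLEED_MITIGATION_AUTO, added to enum retbleed_mitigation in the -1064 hunk of the retbleed patch, gets no entry in retbleed_strings[] in any hunk shown here, yet retbleed_update_mitigation() ends in pr_info("%s\n", retbleed_strings[retbleed_mitigation]). The AUTO block in retbleed_select_mitigation() only assigns a mitigation for X86_VENDOR_AMD / X86_VENDOR_HYGON, and the Intel switch in update only overrides for the IBRS/eIBRS spectre_v2 modes, so a leftover AUTO can reach that lookup and index an unset slot. Either resolve a remaining AUTO to RETBLEED_MITIGATION_NONE before the out: label or give AUTO a string.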
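Review bot: In retbleed_update_mitigation() (the -1192 hunk of the retbleed patch) the retbleed=3Dstuff dependency check runs after the Intel switch, so when it falls back to RETBLEED_MITIGATION_AUTO and calls retbleed_select_mitigation() again, the re-selected value never passes through the IBRS/eIBRS handling, and RETBLEED_INTEL_MSG has already been skipped because the value was still RETBLEED_MITIGATION_STUFF at that point. Moving the stuff check (and its "Try again" re-selection) ahead of the Intel block would let the fallback result get the same vendor handling and warning as every other choice.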
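Review bot: Intel parts with X86_BUG_RETBLEED lose their automatic SPECTRE_V2_IBRS selection in the spectre_v2_select_mitigation() hunk at -1827 of the retbleed patch: the deleted block keyed on retbleed_cmd is not replaced by an equivalent test in any hunk shown here, so such a CPU now falls through to spectre_v2_select_retpoline() and retbleed_update_mitigation() lands in the default branch with pr_err(RETBLEED_INTEL_MSG). The commit message describes only a simplification of the spectre_v2/retbleed dependency, so if this is intended it should say so; otherwise keep the branch and key it on retbleed_mitigation (not RETBLEED_MITIGATION_NONE and not RETBLEED_MITIGATION_STUFF) in place of retbleed_cmd.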
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 13/35] x86/bugs: Restructure spectre_v2_user mitigation
Date: Wed, 8 Jan 2025 14:24:53 -0600
Message-ID: <20250108202515.385902-14-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Restructure spectre_v2_user to use select/update/apply functions to create consistent vulnerability handling. The ibpb/stibp choices are first decided based on the spectre_v2_user command line but can be modified by the spectre_v2 command line option as well. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 150 +++++++++++++++++++++---------------- 1 file changed, 84 insertions(+), 66 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 66abc398d5b4..849abdc0da91 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -60,6 +60,8 @@ static void __init retbleed_select_mitigation(void); static void __init retbleed_update_mitigation(void); static void __init retbleed_apply_mitigation(void); static void __init spectre_v2_user_select_mitigation(void); +static void __init spectre_v2_user_update_mitigation(void); +static void __init spectre_v2_user_apply_mitigation(void); static void __init ssb_select_mitigation(void); static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); @@ -183,11 +185,6 @@ void __init cpu_select_mitigations(void) spectre_v1_select_mitigation(); spectre_v2_select_mitigation(); retbleed_select_mitigation(); - /* - * spectre_v2_user_select_mitigation() relies on the state set by - * retbleed_select_mitigation(); specifically the STIBP selection is - * forced for UNRET or IBPB. - */ spectre_v2_user_select_mitigation(); ssb_select_mitigation(); l1tf_select_mitigation(); @@ -210,6 +207,7 @@ void __init cpu_select_mitigations(void) * choices. */ retbleed_update_mitigation(); + spectre_v2_user_update_mitigation(); mds_update_mitigation(); taa_update_mitigation(); mmio_update_mitigation(); 
@@ -217,6 +215,7 @@ void __init cpu_select_mitigations(void) =20 spectre_v1_apply_mitigation(); retbleed_apply_mitigation(); + spectre_v2_user_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); @@ -1348,6 +1347,8 @@ enum spectre_v2_mitigation_cmd { SPECTRE_V2_CMD_IBRS, }; =20 +static enum spectre_v2_mitigation_cmd spectre_v2_cmd __ro_after_init =3D S= PECTRE_V2_CMD_AUTO; + enum spectre_v2_user_cmd { SPECTRE_V2_USER_CMD_NONE, SPECTRE_V2_USER_CMD_AUTO, @@ -1386,22 +1387,14 @@ static void __init spec_v2_user_print_cond(const ch= ar *reason, bool secure) pr_info("spectre_v2_user=3D%s forced on command line.\n", reason); } =20 -static __ro_after_init enum spectre_v2_mitigation_cmd spectre_v2_cmd; - static enum spectre_v2_user_cmd __init spectre_v2_parse_user_cmdline(void) { char arg[20]; int ret, i; =20 - switch (spectre_v2_cmd) { - case SPECTRE_V2_CMD_NONE: + if (cpu_mitigations_off()) return SPECTRE_V2_USER_CMD_NONE; - case SPECTRE_V2_CMD_FORCE: - return SPECTRE_V2_USER_CMD_FORCE; - default: - break; - } =20 ret =3D cmdline_find_option(boot_command_line, "spectre_v2_user", arg, sizeof(arg)); 
@@ -1425,65 +1418,73 @@ static inline bool spectre_v2_in_ibrs_mode(enum spe= ctre_v2_mitigation mode) return spectre_v2_in_eibrs_mode(mode) || mode =3D=3D SPECTRE_V2_IBRS; } =20 + static void __init spectre_v2_user_select_mitigation(void) { - enum spectre_v2_user_mitigation mode =3D SPECTRE_V2_USER_NONE; - bool smt_possible =3D IS_ENABLED(CONFIG_SMP); enum spectre_v2_user_cmd cmd; =20 if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) return; =20 - if (cpu_smt_control =3D=3D CPU_SMT_FORCE_DISABLED || - cpu_smt_control =3D=3D CPU_SMT_NOT_SUPPORTED) - smt_possible =3D false; - cmd =3D spectre_v2_parse_user_cmdline(); switch (cmd) { case SPECTRE_V2_USER_CMD_NONE: - goto set_mode; + return; case SPECTRE_V2_USER_CMD_FORCE: - mode =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT; break; case SPECTRE_V2_USER_CMD_AUTO: case SPECTRE_V2_USER_CMD_PRCTL: + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; + break; case SPECTRE_V2_USER_CMD_PRCTL_IBPB: - mode =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; break; case SPECTRE_V2_USER_CMD_SECCOMP: - case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: if (IS_ENABLED(CONFIG_SECCOMP)) - mode =3D SPECTRE_V2_USER_SECCOMP; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_SECCOMP; else - mode =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_stibp =3D spectre_v2_user_ibpb; + break; + case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; break; } =20 - /* Initialize Indirect Branch Prediction Barrier */ - if (boot_cpu_has(X86_FEATURE_IBPB)) { - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); + /* + * At this point, an STIBP mode other than "off" has been set. 
+ * If STIBP support is not being forced, check if STIBP always-on + * is preferred. + */ + if (spectre_v2_user_stibp !=3D SPECTRE_V2_USER_STRICT && + boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON)) + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT_PREFERRED; +} =20 - spectre_v2_user_ibpb =3D mode; - switch (cmd) { - case SPECTRE_V2_USER_CMD_NONE: - break; - case SPECTRE_V2_USER_CMD_FORCE: - case SPECTRE_V2_USER_CMD_PRCTL_IBPB: - case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: - static_branch_enable(&switch_mm_always_ibpb); - spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; - break; - case SPECTRE_V2_USER_CMD_PRCTL: - case SPECTRE_V2_USER_CMD_AUTO: - case SPECTRE_V2_USER_CMD_SECCOMP: - static_branch_enable(&switch_mm_cond_ibpb); - break; - } +static void __init spectre_v2_user_update_mitigation(void) +{ + bool smt_possible =3D IS_ENABLED(CONFIG_SMP); =20 - pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", - static_key_enabled(&switch_mm_always_ibpb) ? - "always-on" : "conditional"); + if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) + return; + + if (cpu_smt_control =3D=3D CPU_SMT_FORCE_DISABLED || + cpu_smt_control =3D=3D CPU_SMT_NOT_SUPPORTED) + smt_possible =3D false; + + /* The spectre_v2 cmd line can override spectre_v2_user options */ + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE) { + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_NONE; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_NONE; + } else if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_FORCE) { + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_STRICT; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT; } =20 /* 
@@ -1501,30 +1502,47 @@ spectre_v2_user_select_mitigation(void) if (!boot_cpu_has(X86_FEATURE_STIBP) || !smt_possible || (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && - !boot_cpu_has(X86_FEATURE_AUTOIBRS))) + !boot_cpu_has(X86_FEATURE_AUTOIBRS))) { + spectre_v2_user_stibp =3D SPECTRE_V2_USER_NONE; return; + } =20 - /* - * At this point, an STIBP mode other than "off" has been set. - * If STIBP support is not being forced, check if STIBP always-on - * is preferred. - */ - if (mode !=3D SPECTRE_V2_USER_STRICT && - boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON)) - mode =3D SPECTRE_V2_USER_STRICT_PREFERRED; - - if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_UNRET || - retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB) { - if (mode !=3D SPECTRE_V2_USER_STRICT && - mode !=3D SPECTRE_V2_USER_STRICT_PREFERRED) + if (spectre_v2_user_stibp !=3D SPECTRE_V2_USER_NONE && + (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_UNRET || + retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB)) { + if (spectre_v2_user_stibp !=3D SPECTRE_V2_USER_STRICT && + spectre_v2_user_stibp !=3D SPECTRE_V2_USER_STRICT_PREFERRED) pr_info("Selecting STIBP always-on mode to complement retbleed mitigati= on\n"); - mode =3D SPECTRE_V2_USER_STRICT_PREFERRED; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT_PREFERRED; } + pr_info("%s\n", spectre_v2_user_strings[spectre_v2_user_stibp]); +} =20 - spectre_v2_user_stibp =3D mode; +static void __init spectre_v2_user_apply_mitigation(void) +{ + /* Initialize Indirect Branch Prediction Barrier */ + if (boot_cpu_has(X86_FEATURE_IBPB) && + spectre_v2_user_ibpb !=3D SPECTRE_V2_USER_NONE) { + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); =20 -set_mode: - pr_info("%s\n", spectre_v2_user_strings[mode]); + switch (spectre_v2_user_ibpb) { + case SPECTRE_V2_USER_NONE: + break; + case SPECTRE_V2_USER_STRICT: + static_branch_enable(&switch_mm_always_ibpb); + break; + case SPECTRE_V2_USER_PRCTL: + case SPECTRE_V2_USER_SECCOMP: + 
static_branch_enable(&switch_mm_cond_ibpb); + break; + default: + break; + } + + pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", + static_key_enabled(&switch_mm_always_ibpb) ? + "always-on" : "conditional"); + } } =20 static const char * const spectre_v2_strings[] =3D { --=20 2.34.1
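Review bot: the new initializer in the @@ -1348 hunk, "spectre_v2_cmd __ro_after_init = SPECTRE_V2_CMD_AUTO", changes what spectre_v2_user_update_mitigation() sees whenever spectre_v2_select_mitigation() returns before storing the parsed command. The only assignment to spectre_v2_cmd visible at this point in the series is the trailing "spectre_v2_cmd = cmd;" in spectre_v2_select_mitigation() (removed in 15/35), and the "case SPECTRE_V2_CMD_NONE: return;" path never reaches it. With this patch applied on its own, the "spectre_v2_cmd == SPECTRE_V2_CMD_NONE" override added in spectre_v2_user_update_mitigation() therefore does not take effect for spectre_v2=off, and the user-mode IBPB/STIBP choice stays as selected. Consider moving the "spectre_v2_cmd = spectre_v2_parse_cmdline();" change from 15/35 into this patch so the series stays bisectable.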
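Review bot: in spectre_v2_user_select_mitigation() (the @@ -1425 hunk), the SPECTRE_V2_USER_CMD_SECCOMP_IBPB case now sets spectre_v2_user_stibp to SPECTRE_V2_USER_PRCTL unconditionally, which drops seccomp-based STIBP for spectre_v2_user=seccomp,ibpb. The removed code shared the "if (IS_ENABLED(CONFIG_SECCOMP)) mode = SPECTRE_V2_USER_SECCOMP;" branch between CMD_SECCOMP and CMD_SECCOMP_IBPB and later stored that mode into spectre_v2_user_stibp, so only the IBPB side was raised to STRICT. If the change is not intended, keep the CONFIG_SECCOMP test for the STIBP assignment in this case; if it is intended, say so in the commit message, since it changes which tasks get STIBP by default.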
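Review bot: the @@ -183 hunk deletes the comment explaining that the STIBP selection is forced for UNRET or IBPB and so depends on retbleed state, but the dependency still exists: spectre_v2_user_update_mitigation() reads both retbleed_mitigation and spectre_v2_enabled. Please add an equivalent comment next to the new call in the @@ -210 hunk stating that it must run after retbleed_update_mitigation(), so that a later reordering of the update calls does not silently skip the STIBP always-on upgrade.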
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 14/35] x86/bugs: Restructure bhi mitigation
Date: Wed, 8 Jan 2025 14:24:54 -0600
Message-ID: <20250108202515.385902-15-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Restructure bhi mitigation to use select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for bhi. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 849abdc0da91..fb92344d63cd 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -82,6 +82,8 @@ static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); static void __init gds_select_mitigation(void); static void __init gds_apply_mitigation(void); +static void __init bhi_select_mitigation(void); +static void __init bhi_apply_mitigation(void); =20 /* The base value of the SPEC_CTRL MSR without task-specific bits set */ u64 x86_spec_ctrl_base; @@ -201,6 +203,7 @@ void __init cpu_select_mitigations(void) */ srso_select_mitigation(); gds_select_mitigation(); + bhi_select_mitigation(); =20 /* * After mitigations are selected, some may need to update their @@ -222,6 +225,7 @@ void __init cpu_select_mitigations(void) rfds_apply_mitigation(); srbds_apply_mitigation(); gds_apply_mitigation(); + bhi_apply_mitigation(); } =20 /* @@ -1759,12 +1763,13 @@ static bool __init spec_ctrl_bhi_dis(void) =20 enum bhi_mitigations { BHI_MITIGATION_OFF, + BHI_MITIGATION_AUTO, BHI_MITIGATION_ON, BHI_MITIGATION_VMEXIT_ONLY, }; =20 static enum bhi_mitigations bhi_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_ON : BHI_MITIG= ATION_OFF; + IS_ENABLED(CONFIG_MITIGATION_SPECTRE_BHI) ? BHI_MITIGATION_AUTO : BHI_MIT= IGATION_OFF; =20 static int __init spectre_bhi_parse_cmdline(char *str) { 
@@ -1785,6 +1790,15 @@ static int __init spectre_bhi_parse_cmdline(char *st= r) early_param("spectre_bhi", spectre_bhi_parse_cmdline); =20 static void __init bhi_select_mitigation(void) +{ + if (!boot_cpu_has(X86_BUG_BHI) || cpu_mitigations_off()) + bhi_mitigation =3D BHI_MITIGATION_OFF; + + if (bhi_mitigation =3D=3D BHI_MITIGATION_AUTO) + bhi_mitigation =3D BHI_MITIGATION_ON; +} + +static void __init bhi_apply_mitigation(void) { if (bhi_mitigation =3D=3D BHI_MITIGATION_OFF) return; 
@@ -1916,9 +1930,6 @@ static void __init spectre_v2_select_mitigation(void) mode =3D=3D SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); =20 - if (boot_cpu_has(X86_BUG_BHI)) - bhi_select_mitigation(); - spectre_v2_enabled =3D mode; pr_info("%s\n", spectre_v2_strings[mode]); =20 --=20 2.34.1
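Review bot: bhi_select_mitigation() in the @@ -1785 hunk only tests X86_BUG_BHI and cpu_mitigations_off(), so it no longer inherits the early returns of spectre_v2_select_mitigation(), from which the @@ -1916 hunk removes the call. The old call site sat late in that function, past the "case SPECTRE_V2_CMD_NONE: return;" visible in 15/35, so a boot with spectre_v2=off never reached it; now AUTO is promoted to BHI_MITIGATION_ON and bhi_apply_mitigation() runs regardless of the spectre_v2 choice. If BHI is meant to keep following the spectre_v2 switch, also force BHI_MITIGATION_OFF when spectre_v2_cmd is SPECTRE_V2_CMD_NONE; otherwise document the new behaviour in the commit message.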
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 15/35] x86/bugs: Restructure spectre_v2 mitigation
Date: Wed, 8 Jan 2025 14:24:55 -0600
Message-ID: <20250108202515.385902-16-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8" Restructure spectre_v2 to use select/update/apply functions to create consistent vulnerability handling. The spectre_v2 mitigation may be updated based on the selected retbleed mitigation. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 65 ++++++++++++++++++++++++++------------ 1 file changed, 44 insertions(+), 21 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index fb92344d63cd..440fe9ee1c63 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -56,6 +56,8 @@ static void __init spectre_v1_select_mitigation(void); static void __init spectre_v1_apply_mitigation(void); static void __init spectre_v2_select_mitigation(void); +static void __init spectre_v2_update_mitigation(void); +static void __init spectre_v2_apply_mitigation(void); static void __init retbleed_select_mitigation(void); static void __init retbleed_update_mitigation(void); static void __init retbleed_apply_mitigation(void); @@ -209,6 +211,7 @@ void __init cpu_select_mitigations(void) * After mitigations are selected, some may need to update their * choices. */ + spectre_v2_update_mitigation(); retbleed_update_mitigation(); spectre_v2_user_update_mitigation(); mds_update_mitigation(); @@ -217,6 +220,7 @@ void __init cpu_select_mitigations(void) rfds_update_mitigation(); =20 spectre_v1_apply_mitigation(); + spectre_v2_apply_mitigation(); retbleed_apply_mitigation(); spectre_v2_user_apply_mitigation(); mds_apply_mitigation(); 
@@ -1831,18 +1835,18 @@ static void __init bhi_apply_mitigation(void) =20 static void __init spectre_v2_select_mitigation(void) { - enum spectre_v2_mitigation_cmd cmd =3D spectre_v2_parse_cmdline(); enum spectre_v2_mitigation mode =3D SPECTRE_V2_NONE; + spectre_v2_cmd =3D spectre_v2_parse_cmdline(); =20 /* * If the CPU is not affected and the command line mode is NONE or AUTO * then nothing to do. */ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && - (cmd =3D=3D SPECTRE_V2_CMD_NONE || cmd =3D=3D SPECTRE_V2_CMD_AUTO)) + (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_NONE || spectre_v2_cmd =3D=3D S= PECTRE_V2_CMD_AUTO)) return; =20 - switch (cmd) { + switch (spectre_v2_cmd) { case SPECTRE_V2_CMD_NONE: return; =20 @@ -1886,10 +1890,32 @@ static void __init spectre_v2_select_mitigation(voi= d) break; } =20 - if (mode =3D=3D SPECTRE_V2_EIBRS && unprivileged_ebpf_enabled()) + spectre_v2_enabled =3D mode; +} + +static void __init spectre_v2_update_mitigation(void) +{ + if (spectre_v2_cmd =3D=3D SPECTRE_V2_CMD_AUTO) { + if (IS_ENABLED(CONFIG_MITIGATION_IBRS_ENTRY) && + boot_cpu_has_bug(X86_BUG_RETBLEED) && + retbleed_mitigation !=3D RETBLEED_MITIGATION_NONE && + retbleed_mitigation !=3D RETBLEED_MITIGATION_STUFF && + boot_cpu_has(X86_FEATURE_IBRS) && + boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL) { + spectre_v2_enabled =3D SPECTRE_V2_IBRS; + } + } + + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) && !cpu_mitigations_off()) + pr_info("%s\n", spectre_v2_strings[spectre_v2_enabled]); +} + +static void __init spectre_v2_apply_mitigation(void) +{ + if (spectre_v2_enabled =3D=3D SPECTRE_V2_EIBRS && unprivileged_ebpf_enabl= ed()) pr_err(SPECTRE_V2_EIBRS_EBPF_MSG); =20 - if (spectre_v2_in_ibrs_mode(mode)) { + if (spectre_v2_in_ibrs_mode(spectre_v2_enabled)) { if (boot_cpu_has(X86_FEATURE_AUTOIBRS)) { msr_set_bit(MSR_EFER, _EFER_AUTOIBRS); } else { 
@@ -1898,8 +1924,10 @@ static void __init spectre_v2_select_mitigation(void) } } =20 - switch (mode) { + switch (spectre_v2_enabled) { case SPECTRE_V2_NONE: + return; + case SPECTRE_V2_EIBRS: break; =20 @@ -1925,14 +1953,11 @@ static void __init spectre_v2_select_mitigation(voi= d) * JMPs gets protection against BHI and Intramode-BTI, but RET * prediction from a non-RSB predictor is still a risk. */ - if (mode =3D=3D SPECTRE_V2_EIBRS_LFENCE || - mode =3D=3D SPECTRE_V2_EIBRS_RETPOLINE || - mode =3D=3D SPECTRE_V2_RETPOLINE) + if (spectre_v2_enabled =3D=3D SPECTRE_V2_EIBRS_LFENCE || + spectre_v2_enabled =3D=3D SPECTRE_V2_EIBRS_RETPOLINE || + spectre_v2_enabled =3D=3D SPECTRE_V2_RETPOLINE) spec_ctrl_disable_kernel_rrsba(); =20 - spectre_v2_enabled =3D mode; - pr_info("%s\n", spectre_v2_strings[mode]); - /* * If Spectre v2 protection has been enabled, fill the RSB during a * context switch. In general there are two types of RSB attacks @@ -1974,7 +1999,7 @@ static void __init spectre_v2_select_mitigation(void) setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switc= h\n"); =20 - spectre_v2_determine_rsb_fill_type_at_vmexit(mode); + spectre_v2_determine_rsb_fill_type_at_vmexit(spectre_v2_enabled); =20 /* * Retpoline protects the kernel, but doesn't protect firmware. IBRS 
@@ -1982,10 +2007,10 @@ static void __init spectre_v2_select_mitigation(voi= d) * firmware calls only when IBRS / Enhanced / Automatic IBRS aren't * otherwise enabled. * - * Use "mode" to check Enhanced IBRS instead of boot_cpu_has(), because - * the user might select retpoline on the kernel command line and if - * the CPU supports Enhanced IBRS, kernel might un-intentionally not - * enable IBRS around firmware calls. + * Use "spectre_v2_enabled" to check Enhanced IBRS instead of + * boot_cpu_has(), because the user might select retpoline on the kernel + * command line and if the CPU supports Enhanced IBRS, kernel might + * un-intentionally not enable IBRS around firmware calls. */ if (boot_cpu_has_bug(X86_BUG_RETBLEED) && boot_cpu_has(X86_FEATURE_IBPB) && 
@@ -1997,13 +2022,11 @@ static void __init spectre_v2_select_mitigation(voi= d) pr_info("Enabling Speculation Barrier for firmware calls\n"); } =20 - } else if (boot_cpu_has(X86_FEATURE_IBRS) && !spectre_v2_in_ibrs_mode(mod= e)) { + } else if (boot_cpu_has(X86_FEATURE_IBRS) && + !spectre_v2_in_ibrs_mode(spectre_v2_enabled)) { setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); pr_info("Enabling Restricted Speculation for firmware calls\n"); } - - /* Set up IBPB and STIBP depending on the general spectre V2 command */ - spectre_v2_cmd =3D cmd; } =20 static void update_stibp_msr(void * __unused) --=20 2.34.1
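Review bot: spectre_v2_update_mitigation() overwrites spectre_v2_enabled with SPECTRE_V2_IBRS whenever the command is AUTO and the retbleed conditions hold, without checking what spectre_v2_select_mitigation() already chose. If select picked one of the SPECTRE_V2_EIBRS* modes, this replaces it with legacy IBRS, and the block also runs when select returned early because the CPU lacks X86_BUG_SPECTRE_V2. Suggest skipping the override when spectre_v2_enabled is already an eIBRS mode and when the CPU is not affected, and adding a comment above the function that it has to run after retbleed_mitigation is final, since it now reads retbleed_mitigation directly.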
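Review bot: spectre_v2_cmd is now assigned at the top of spectre_v2_select_mitigation(), before the early return for unaffected CPUs, whereas the removed lines at the end of the function ("spectre_v2_cmd =3D cmd;" under the "Set up IBPB and STIBP depending on the general spectre V2 command" comment) only ran when no early return was taken. Any later reader of spectre_v2_cmd now sees the parsed command line even when select bailed out. Please confirm that is intended and keep a comment at the new assignment saying who consumes the value; a blank line between the "mode" declaration and the assignment would also match the usual declaration/statement separation.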
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 16/35] x86/bugs: Restructure ssb mitigation
Date: Wed, 8 Jan 2025 14:24:56 -0600
Message-ID: <20250108202515.385902-17-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Restructure ssb to use select/apply functions to create consistent vulnerability handling. Remove __ssb_select_mitigation() and split the functionality between the select/apply functions. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 440fe9ee1c63..b07726a8dd3b 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -65,6 +65,7 @@ static void __init spectre_v2_user_select_mitigation(void= ); static void __init spectre_v2_user_update_mitigation(void); static void __init spectre_v2_user_apply_mitigation(void); static void __init ssb_select_mitigation(void); +static void __init ssb_apply_mitigation(void); static void __init l1tf_select_mitigation(void); static void __init mds_select_mitigation(void); static void __init mds_update_mitigation(void); @@ -223,6 +224,7 @@ void __init cpu_select_mitigations(void) spectre_v2_apply_mitigation(); retbleed_apply_mitigation(); spectre_v2_user_apply_mitigation(); + ssb_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); @@ -2215,19 +2217,18 @@ static enum ssb_mitigation_cmd __init ssb_parse_cmd= line(void) return cmd; } =20 -static enum ssb_mitigation __init __ssb_select_mitigation(void) +static void ssb_select_mitigation(void) { - enum ssb_mitigation mode =3D SPEC_STORE_BYPASS_NONE; enum ssb_mitigation_cmd cmd; =20 if (!boot_cpu_has(X86_FEATURE_SSBD)) - return mode; + goto out; =20 cmd =3D ssb_parse_cmdline(); if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) && (cmd =3D=3D SPEC_STORE_BYPASS_CMD_NONE || cmd =3D=3D SPEC_STORE_BYPASS_CMD_AUTO)) - return mode; + return; =20 switch (cmd) { case SPEC_STORE_BYPASS_CMD_SECCOMP: 
@@ -2236,28 +2237,35 @@ static enum ssb_mitigation __init __ssb_select_miti= gation(void) * enabled. */ if (IS_ENABLED(CONFIG_SECCOMP)) - mode =3D SPEC_STORE_BYPASS_SECCOMP; + ssb_mode =3D SPEC_STORE_BYPASS_SECCOMP; else - mode =3D SPEC_STORE_BYPASS_PRCTL; + ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; break; case SPEC_STORE_BYPASS_CMD_ON: - mode =3D SPEC_STORE_BYPASS_DISABLE; + ssb_mode =3D SPEC_STORE_BYPASS_DISABLE; break; case SPEC_STORE_BYPASS_CMD_AUTO: case SPEC_STORE_BYPASS_CMD_PRCTL: - mode =3D SPEC_STORE_BYPASS_PRCTL; + ssb_mode =3D SPEC_STORE_BYPASS_PRCTL; break; case SPEC_STORE_BYPASS_CMD_NONE: break; } =20 +out: + if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) + pr_info("%s\n", ssb_strings[ssb_mode]); +} + +static void __init ssb_apply_mitigation(void) +{ /* * We have three CPU feature flags that are in play here: * - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible. * - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass * - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation */ - if (mode =3D=3D SPEC_STORE_BYPASS_DISABLE) { + if (ssb_mode =3D=3D SPEC_STORE_BYPASS_DISABLE) { setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE); /* * Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD may 
@@ -2272,15 +2280,6 @@ static enum ssb_mitigation __init __ssb_select_mitig= ation(void) } } =20 - return mode; -} - -static void ssb_select_mitigation(void) -{ - ssb_mode =3D __ssb_select_mitigation(); - - if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS)) - pr_info("%s\n", ssb_strings[ssb_mode]); } =20 #undef pr_fmt --=20 2.34.1
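Review bot: the new definition "static void ssb_select_mitigation(void)" has no __init, although the forward declaration at the top of the file is "static void __init ssb_select_mitigation(void);" and the body calls ssb_parse_cmdline(), which is __init. The function it replaces, __ssb_select_mitigation(), carried __init, so please add it to the definition to keep the code in the init section and avoid a section mismatch. In the same hunk the two early exits now differ ("goto out" for the missing X86_FEATURE_SSBD case, plain "return" for the unaffected-CPU case); both end up printing nothing on an unaffected CPU, but using the same exit for both would be easier to read.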
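Review bot: after the switch is converted to write ssb_mode directly, every early-exit path and the SPEC_STORE_BYPASS_CMD_NONE case depend on ssb_mode still holding its initial value, where the old code returned a local that was explicitly initialised to SPEC_STORE_BYPASS_NONE. The initialiser of ssb_mode is not part of this diff, so either set ssb_mode to SPEC_STORE_BYPASS_NONE explicitly on those paths or add a comment stating that the static default is relied on. The last hunk also leaves a blank line directly before the closing brace of ssb_apply_mitigation(), which should be dropped.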
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 17/35] x86/bugs: Restructure l1tf mitigation
Date: Wed, 8 Jan 2025 14:24:57 -0600
Message-ID: <20250108202515.385902-18-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Restructure l1tf to use select/apply functions to create consistent vulnerability handling. Define new AUTO mitigation for l1tf. Signed-off-by: David Kaplan --- arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/cpu/bugs.c | 27 +++++++++++++++++++++------ arch/x86/kvm/vmx/vmx.c | 2 ++ 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/proces= sor.h index 90278d0c071b..57760b0d553e 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -746,6 +746,7 @@ void store_cpu_caps(struct cpuinfo_x86 *info); =20 enum l1tf_mitigations { L1TF_MITIGATION_OFF, + L1TF_MITIGATION_AUTO, L1TF_MITIGATION_FLUSH_NOWARN, L1TF_MITIGATION_FLUSH, L1TF_MITIGATION_FLUSH_NOSMT, diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index b07726a8dd3b..08ac515df888 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -67,6 +67,7 @@ static void __init spectre_v2_user_apply_mitigation(void); static void __init ssb_select_mitigation(void); static void __init ssb_apply_mitigation(void); static void __init l1tf_select_mitigation(void); +static void __init l1tf_apply_mitigation(void); static void __init mds_select_mitigation(void); static void __init mds_update_mitigation(void); static void __init mds_apply_mitigation(void); @@ -225,6 +226,7 @@ void __init cpu_select_mitigations(void) retbleed_apply_mitigation(); spectre_v2_user_apply_mitigation(); ssb_apply_mitigation(); + l1tf_apply_mitigation(); mds_apply_mitigation(); taa_apply_mitigation(); mmio_apply_mitigation(); 
@@ -2535,7 +2537,7 @@ EXPORT_SYMBOL_GPL(itlb_multihit_kvm_mitigation); =20 /* Default mitigation for L1TF-affected CPUs */ enum l1tf_mitigations l1tf_mitigation __ro_after_init =3D - IS_ENABLED(CONFIG_MITIGATION_L1TF) ? L1TF_MITIGATION_FLUSH : L1TF_MITIGAT= ION_OFF; + IS_ENABLED(CONFIG_MITIGATION_L1TF) ? L1TF_MITIGATION_AUTO : L1TF_MITIGATI= ON_OFF; #if IS_ENABLED(CONFIG_KVM_INTEL) EXPORT_SYMBOL_GPL(l1tf_mitigation); #endif @@ -2582,23 +2584,36 @@ static void override_cache_bits(struct cpuinfo_x86 = *c) } =20 static void __init l1tf_select_mitigation(void) +{ + if (!boot_cpu_has_bug(X86_BUG_L1TF) || cpu_mitigations_off()) { + l1tf_mitigation =3D L1TF_MITIGATION_OFF; + return; + } + + if (l1tf_mitigation =3D=3D L1TF_MITIGATION_AUTO) { + if (cpu_mitigations_auto_nosmt()) + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; + else + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH; + } + +} + +static void __init l1tf_apply_mitigation(void) { u64 half_pa; =20 if (!boot_cpu_has_bug(X86_BUG_L1TF)) return; =20 - if (cpu_mitigations_off()) - l1tf_mitigation =3D L1TF_MITIGATION_OFF; - else if (cpu_mitigations_auto_nosmt()) - l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; - override_cache_bits(&boot_cpu_data); =20 switch (l1tf_mitigation) { case L1TF_MITIGATION_OFF: + return; case L1TF_MITIGATION_FLUSH_NOWARN: case L1TF_MITIGATION_FLUSH: + case L1TF_MITIGATION_AUTO: break; case L1TF_MITIGATION_FLUSH_NOSMT: case L1TF_MITIGATION_FULL: diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 893366e53732..99bdb9341be0 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -273,6 +273,7 @@ static int vmx_setup_l1d_flush(enum vmx_l1d_flush_state= l1tf) case L1TF_MITIGATION_OFF: l1tf =3D VMENTER_L1D_FLUSH_NEVER; break; + case L1TF_MITIGATION_AUTO: case L1TF_MITIGATION_FLUSH_NOWARN: case L1TF_MITIGATION_FLUSH: case L1TF_MITIGATION_FLUSH_NOSMT: 
@@ -7643,6 +7644,7 @@ int vmx_vm_init(struct kvm *kvm) case L1TF_MITIGATION_FLUSH_NOWARN: /* 'I explicitly don't care' is set */ break; + case L1TF_MITIGATION_AUTO: case L1TF_MITIGATION_FLUSH: case L1TF_MITIGATION_FLUSH_NOSMT: case L1TF_MITIGATION_FULL: --=20 2.34.1
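Review bot: in the new l1tf_select_mitigation(), cpu_mitigations_auto_nosmt() is only consulted when l1tf_mitigation is still L1TF_MITIGATION_AUTO, while the removed code in the old function applied it unconditionally ("else if (cpu_mitigations_auto_nosmt()) l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT;") to whatever value l1tf_mitigation held. That means a value set before select runs is no longer upgraded to FLUSH_NOSMT by mitigations=auto,nosmt. The changelog only says "Define new AUTO mitigation for l1tf", so please state this behaviour change there, or keep the old precedence if it was not intended. The blank line before the closing brace of l1tf_select_mitigation() should also go.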
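Review bot: in l1tf_apply_mitigation(), "case L1TF_MITIGATION_OFF:" used to share the "break" with the FLUSH cases and now returns, so for OFF everything after the switch is skipped while override_cache_bits(&boot_cpu_data) above it still runs. If skipping the rest for OFF is intended, a one-line comment at the return would make that clear. The "case L1TF_MITIGATION_AUTO:" added to the same switch cannot be reached once select has resolved AUTO to FLUSH or FLUSH_NOSMT; a comment saying it is listed only for switch completeness would avoid the impression that AUTO is a valid applied state, and the same applies to the two AUTO cases added in vmx.c.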
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 18/35] x86/bugs: Restructure srso mitigation
Date: Wed, 8 Jan 2025 14:24:58 -0600
Message-ID: <20250108202515.385902-19-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
=?us-ascii?Q?Pkcf5IVuSRgMyX5T19TgTg0LPaSlmhUyrbTeeeyPoARCEFTdKl7j7I4JfDGu?= =?us-ascii?Q?e09UBBraczm/mkkPCQR/oNyYHERuNHaGAcwr+Lb7k4hNL/DI76u6uCB1AiZ9?= =?us-ascii?Q?Cr5HPkSykgtqZ64NeV2qLgRLsCHbF4JTrNdxgcWUR4+T4+xOgejdiIdEbZ+0?= =?us-ascii?Q?edUZ9MTpKd0AuyuZ8hMvP/o/fQtQkfCDp/LVEgxT00wKOm+oZyqfNEu4YyuI?= =?us-ascii?Q?GG4wYynDDPIrRhnpiipli3tocRj1vNpZ4o+nrnGUo7DV9+x8x/VWQKPJlYjs?= =?us-ascii?Q?ejSsuW7vKBUlr1ENJdruWVqyxI3M730qEoS6tcfjCoxeuR3RI9hIxAMG3KYx?= =?us-ascii?Q?MQ3qqJMEB66cpRJ7IsiLZ5TUBlnpemBqDUlFZvrZR/OEM0zgXQMqTMlgKh07?= =?us-ascii?Q?QWGHfELqB/maJ2e/QHHTNcLukdRGdX+PhTJI40xnOG08PBPq+lBtM4UZC832?= =?us-ascii?Q?0yRj2MWq0gxwGPKsqy4PMW1mslj8RKnbtUjmBsNEQjqPYQi7YdEnri86Z2xk?= =?us-ascii?Q?RGqFImEX15ztysSUSUGVIGS7IaofnCHisTyKMU7ZCgLu40FqYVF5Uvvkvtg0?= =?us-ascii?Q?B674Zg7eK5U6qX4In4wCYspf0ABbq3wi8ModkzJWKQA0WiVqTYUtE2fGdlkP?= =?us-ascii?Q?7eYavGpQ/rBqaBy6Aw1RelR67aVQ6WJ+p3lvS5y51K+GndhdqgmacxhqAqjX?= =?us-ascii?Q?NFSFZeYHhYA8J0x0WBsfM0KhsP8FYg/7UAQAqbcDxamwO2EtDAtjCBIyVMqU?= =?us-ascii?Q?7k3DKogni2LhIqneHA1eNfhzx74H45wTAdYo9MA2Lncfufc66QoDL1wke23e?= =?us-ascii?Q?9ObS734dJK/bCnU=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(376014)(7416014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2025 20:25:46.7820 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 847f98c9-a941-4df1-8673-08dd3022a272 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB8496 
Content-Type: text/plain; charset="utf-8" Restructure srso to use select/update/apply functions to create consistent vulnerability handling. Like with retbleed, the command line options directly select mitigations which can later be modified. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 188 ++++++++++++++++++------------------- 1 file changed, 90 insertions(+), 98 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 08ac515df888..aee2945bdef9 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -84,6 +84,8 @@ static void __init srbds_select_mitigation(void); static void __init srbds_apply_mitigation(void); static void __init l1d_flush_select_mitigation(void); static void __init srso_select_mitigation(void); +static void __init srso_update_mitigation(void); +static void __init srso_apply_mitigation(void); static void __init gds_select_mitigation(void); static void __init gds_apply_mitigation(void); static void __init bhi_select_mitigation(void); @@ -200,11 +202,6 @@ void __init cpu_select_mitigations(void) rfds_select_mitigation(); srbds_select_mitigation(); l1d_flush_select_mitigation(); - - /* - * srso_select_mitigation() depends and must run after - * retbleed_select_mitigation(). - */ srso_select_mitigation(); gds_select_mitigation(); bhi_select_mitigation(); @@ -220,6 +217,7 @@ void __init cpu_select_mitigations(void) taa_update_mitigation(); mmio_update_mitigation(); rfds_update_mitigation(); + srso_update_mitigation(); =20 spectre_v1_apply_mitigation(); spectre_v2_apply_mitigation(); @@ -232,6 +230,7 @@ void __init cpu_select_mitigations(void) mmio_apply_mitigation(); rfds_apply_mitigation(); srbds_apply_mitigation(); + srso_apply_mitigation(); gds_apply_mitigation(); bhi_apply_mitigation(); } 
@@ -2673,6 +2672,7 @@ early_param("l1tf", l1tf_cmdline); =20 enum srso_mitigation { SRSO_MITIGATION_NONE, + SRSO_MITIGATION_AUTO, SRSO_MITIGATION_UCODE_NEEDED, SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED, SRSO_MITIGATION_MICROCODE, @@ -2681,14 +2681,6 @@ enum srso_mitigation { SRSO_MITIGATION_IBPB_ON_VMEXIT, }; =20 -enum srso_mitigation_cmd { - SRSO_CMD_OFF, - SRSO_CMD_MICROCODE, - SRSO_CMD_SAFE_RET, - SRSO_CMD_IBPB, - SRSO_CMD_IBPB_ON_VMEXIT, -}; - static const char * const srso_strings[] =3D { [SRSO_MITIGATION_NONE] =3D "Vulnerable", [SRSO_MITIGATION_UCODE_NEEDED] =3D "Vulnerable: No microcode", @@ -2699,8 +2691,7 @@ static const char * const srso_strings[] =3D { [SRSO_MITIGATION_IBPB_ON_VMEXIT] =3D "Mitigation: IBPB on VMEXIT only" }; =20 -static enum srso_mitigation srso_mitigation __ro_after_init =3D SRSO_MITIG= ATION_NONE; -static enum srso_mitigation_cmd srso_cmd __ro_after_init =3D SRSO_CMD_SAFE= _RET; +static enum srso_mitigation srso_mitigation __ro_after_init =3D SRSO_MITIG= ATION_AUTO; =20 static int __init srso_parse_cmdline(char *str) { @@ -2708,15 +2699,15 @@ static int __init srso_parse_cmdline(char *str) return -EINVAL; =20 if (!strcmp(str, "off")) - srso_cmd =3D SRSO_CMD_OFF; + srso_mitigation =3D SRSO_MITIGATION_NONE; else if (!strcmp(str, "microcode")) - srso_cmd =3D SRSO_CMD_MICROCODE; + srso_mitigation =3D SRSO_MITIGATION_MICROCODE; else if (!strcmp(str, "safe-ret")) - srso_cmd =3D SRSO_CMD_SAFE_RET; + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; else if (!strcmp(str, "ibpb")) - srso_cmd =3D SRSO_CMD_IBPB; + srso_mitigation =3D SRSO_MITIGATION_IBPB; else if (!strcmp(str, "ibpb-vmexit")) - srso_cmd =3D SRSO_CMD_IBPB_ON_VMEXIT; + srso_mitigation =3D SRSO_MITIGATION_IBPB_ON_VMEXIT; else pr_err("Ignoring unknown SRSO option (%s).", str); =20 
@@ -2730,13 +2721,14 @@ static void __init srso_select_mitigation(void) { bool has_microcode =3D boot_cpu_has(X86_FEATURE_IBPB_BRTYPE); =20 - if (!boot_cpu_has_bug(X86_BUG_SRSO) || - cpu_mitigations_off() || - srso_cmd =3D=3D SRSO_CMD_OFF) { - if (boot_cpu_has(X86_FEATURE_SBPB)) - x86_pred_cmd =3D PRED_CMD_SBPB; + if (!boot_cpu_has_bug(X86_BUG_SRSO) || cpu_mitigations_off()) + srso_mitigation =3D SRSO_MITIGATION_NONE; + + if (srso_mitigation =3D=3D SRSO_MITIGATION_NONE) return; - } + + if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; =20 if (has_microcode) { /* 
@@ -2749,98 +2741,98 @@ static void __init srso_select_mitigation(void) setup_force_cpu_cap(X86_FEATURE_SRSO_NO); return; } - - if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB) { - srso_mitigation =3D SRSO_MITIGATION_IBPB; - goto out; - } } else { pr_warn("IBPB-extending microcode not applied!\n"); pr_warn(SRSO_NOTICE); =20 - /* may be overwritten by SRSO_CMD_SAFE_RET below */ - srso_mitigation =3D SRSO_MITIGATION_UCODE_NEEDED; + /* Fall-back to Safe-RET */ + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED; } =20 - switch (srso_cmd) { - case SRSO_CMD_MICROCODE: - if (has_microcode) { - srso_mitigation =3D SRSO_MITIGATION_MICROCODE; - pr_warn(SRSO_NOTICE); - } + switch (srso_mitigation) { + case SRSO_MITIGATION_MICROCODE: break; =20 - case SRSO_CMD_SAFE_RET: - if (boot_cpu_has(X86_FEATURE_SRSO_USER_KERNEL_NO)) - goto ibpb_on_vmexit; - - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - /* - * Enable the return thunk for generated code - * like ftrace, static_call, etc. - */ - setup_force_cpu_cap(X86_FEATURE_RETHUNK); - setup_force_cpu_cap(X86_FEATURE_UNRET); - - if (boot_cpu_data.x86 =3D=3D 0x19) { - setup_force_cpu_cap(X86_FEATURE_SRSO_ALIAS); - x86_return_thunk =3D srso_alias_return_thunk; - } else { - setup_force_cpu_cap(X86_FEATURE_SRSO); - x86_return_thunk =3D srso_return_thunk; - } - if (has_microcode) - srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; - else - srso_mitigation =3D SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED; - } else { + case SRSO_MITIGATION_SAFE_RET: + case SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED: + if (!IS_ENABLED(CONFIG_MITIGATION_SRSO)) pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } + else if (boot_cpu_has(X86_FEATURE_SRSO_USER_KERNEL_NO)) + srso_mitigation =3D SRSO_MITIGATION_IBPB_ON_VMEXIT; break; =20 - case SRSO_CMD_IBPB: - if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) { - if (has_microcode) { - setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); - srso_mitigation =3D SRSO_MITIGATION_IBPB; - - /* - * IBPB on entry already 
obviates the need for - * software-based untraining so clear those in case some - * other mitigation like Retbleed has selected them. - */ - setup_clear_cpu_cap(X86_FEATURE_UNRET); - setup_clear_cpu_cap(X86_FEATURE_RETHUNK); - } - } else { + case SRSO_MITIGATION_IBPB: + if (!IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY)) pr_err("WARNING: kernel not compiled with MITIGATION_IBPB_ENTRY.\n"); - } break; =20 -ibpb_on_vmexit: - case SRSO_CMD_IBPB_ON_VMEXIT: - if (IS_ENABLED(CONFIG_MITIGATION_SRSO)) { - if (!boot_cpu_has(X86_FEATURE_ENTRY_IBPB) && has_microcode) { - setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); - srso_mitigation =3D SRSO_MITIGATION_IBPB_ON_VMEXIT; - - /* - * There is no need for RSB filling: entry_ibpb() ensures - * all predictions, including the RSB, are invalidated, - * regardless of IBPB implementation. - */ - setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); - } - } else { + case SRSO_MITIGATION_IBPB_ON_VMEXIT: + if (!IS_ENABLED(CONFIG_MITIGATION_SRSO)) pr_err("WARNING: kernel not compiled with MITIGATION_SRSO.\n"); - } + break; + default: + break; + } +} + +static void __init srso_update_mitigation(void) +{ + /* If retbleed is using IBPB, that works for SRSO as well */ + if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_IBPB) + srso_mitigation =3D SRSO_MITIGATION_IBPB; + + if (srso_mitigation !=3D SRSO_MITIGATION_NONE) + pr_info("%s\n", srso_strings[srso_mitigation]); +} + +static void __init srso_apply_mitigation(void) +{ + if (srso_mitigation =3D=3D SRSO_MITIGATION_NONE) { + if (boot_cpu_has(X86_FEATURE_SBPB)) + x86_pred_cmd =3D PRED_CMD_SBPB; + return; + } + switch (srso_mitigation) { + case SRSO_MITIGATION_SAFE_RET: + case SRSO_MITIGATION_SAFE_RET_UCODE_NEEDED: + /* + * Enable the return thunk for generated code + * like ftrace, static_call, etc. 
+ */ + setup_force_cpu_cap(X86_FEATURE_RETHUNK); + setup_force_cpu_cap(X86_FEATURE_UNRET); + + if (boot_cpu_data.x86 =3D=3D 0x19) { + setup_force_cpu_cap(X86_FEATURE_SRSO_ALIAS); + x86_return_thunk =3D srso_alias_return_thunk; + } else { + setup_force_cpu_cap(X86_FEATURE_SRSO); + x86_return_thunk =3D srso_return_thunk; + } + break; + case SRSO_MITIGATION_IBPB: + setup_force_cpu_cap(X86_FEATURE_ENTRY_IBPB); + /* + * IBPB on entry already obviates the need for + * software-based untraining so clear those in case some + * other mitigation like Retbleed has selected them. + */ + setup_clear_cpu_cap(X86_FEATURE_UNRET); + setup_clear_cpu_cap(X86_FEATURE_RETHUNK); + break; + case SRSO_MITIGATION_IBPB_ON_VMEXIT: + setup_force_cpu_cap(X86_FEATURE_IBPB_ON_VMEXIT); + /* + * There is no need for RSB filling: entry_ibpb() ensures + * all predictions, including the RSB, are invalidated, + * regardless of IBPB implementation. + */ + setup_clear_cpu_cap(X86_FEATURE_RSB_VMEXIT); break; default: break; } =20 -out: - pr_info("%s\n", srso_strings[srso_mitigation]); } =20 #undef pr_fmt --=20 2.34.1
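Review bot: In srso_select_mitigation(), the early return that follows setup_force_cpu_cap(X86_FEATURE_SRSO_NO) inside the has_microcode block now leaves srso_mitigation at a non-NONE value, because SRSO_MITIGATION_AUTO has already been converted to SRSO_MITIGATION_SAFE_RET a few lines above it. srso_update_mitigation() will then print a mitigation string and srso_apply_mitigation() will force X86_FEATURE_RETHUNK/X86_FEATURE_UNRET and replace x86_return_thunk on a CPU that was just marked SRSO_NO. Before this patch the same return left srso_mitigation at its initial SRSO_MITIGATION_NONE and nothing else ran. Please set srso_mitigation = SRSO_MITIGATION_NONE before that return.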
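Review bot: srso_update_mitigation() overrides srso_mitigation with SRSO_MITIGATION_IBPB whenever retbleed_mitigation is RETBLEED_MITIGATION_IBPB, with no check on the value srso_select_mitigation() settled on. That includes SRSO_MITIGATION_NONE (CPU without X86_BUG_SRSO, or "off" passed to srso_parse_cmdline()) and the case where has_microcode is false; the removed code only took this path inside the has_microcode branch, after the off checks. Suggest gating the override on srso_mitigation != SRSO_MITIGATION_NONE and on X86_FEATURE_IBPB_BRTYPE. In the same hunk, the !IS_ENABLED(CONFIG_MITIGATION_SRSO) and !IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY) branches of the select switch only call pr_err() and leave srso_mitigation unchanged, so srso_apply_mitigation() still forces the feature bits and srso_strings[] reports a mitigation the kernel was not built with, whereas the old code made the setup_force_cpu_cap() calls only under IS_ENABLED(). Resetting srso_mitigation in those branches would keep the reported state honest.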
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 19/35] Documentation/x86: Document the new attack vector controls Date: Wed, 8 Jan 2025 14:24:59 -0600 Message-ID: <20250108202515.385902-20-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Document the 5 new attack vector command line options, how they interact with existing vulnerability controls, and recommendations on when they can be disabled. Note that while mitigating against untrusted userspace requires both mitigate_user_kernel and mitigate_user_user, these are kept separate. The kernel can control what code executes inside of it and that may affect the risk associated with vulnerabilities especially if new kernel mitigations are implemented. The same isn't typically true of userspace. In other words, the risk associated with user_user or guest_guest attacks is unlikely to change over time. While the risk associated with user_kernel or guest_host attacks may change. Therefore, these controls are separated. Signed-off-by: David Kaplan --- .../hw-vuln/attack_vector_controls.rst | 172 ++++++++++++++++++ Documentation/admin-guide/hw-vuln/index.rst | 1 + 2 files changed, 173 insertions(+) create mode 100644 Documentation/admin-guide/hw-vuln/attack_vector_control= s.rst diff --git a/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst b= /Documentation/admin-guide/hw-vuln/attack_vector_controls.rst new file mode 100644 index 000000000000..541c8a3cac13 --- /dev/null +++ b/Documentation/admin-guide/hw-vuln/attack_vector_controls.rst 
@@ -0,0 +1,172 @@ +.. SPDX-License-Identifier: GPL-2.0 + +Attack Vector Controls +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Attack vector controls provide a simple method to configure only the mitig= ations +for CPU vulnerabilities which are relevant given the intended use of a sys= tem. +Administrators are encouraged to consider which attack vectors are relevan= t and +disable all others in order to recoup system performance. + +When new relevant CPU vulnerabilities are found, they will be added to the= se +attack vector controls so administrators will likely not need to reconfigu= re +their command line parameters as mitigations will continue to be correctly +applied based on the chosen attack vector controls. + +Attack Vectors +-------------- + +There are 5 sets of attack-vector mitigations currently supported by the k= ernel: + +#. :ref:`user_kernel` (mitigate_user_kernel=3D ) +#. :ref:`user_user` (mitigate_user_user=3D ) +#. :ref:`guest_host` (mitigate_guest_host=3D ) +#. :ref:`guest_guest` (mitigate_guest_guest=3D) +#. :ref:`cross_thread` (mitigate_cross_thread=3D ) + +Each control may either be specified as 'off' or 'on'. + +.. _user_kernel: + +User-to-Kernel +^^^^^^^^^^^^^^ + +The user-to-kernel attack vector involves a malicious userspace program +attempting to leak kernel data into userspace by exploiting a CPU vulnerab= ility. +The kernel data involved might be limited to certain kernel memory, or inc= lude +all memory in the system, depending on the vulnerability exploited. + +If no untrusted userspace applications are being run, such as with single-= user +systems, consider disabling user-to-kernel mitigations. + +Note that the CPU vulnerabilities mitigated by Linux have generally not be= en +shown to be exploitable from browser-based sandboxes. User-to-kernel +mitigations are therefore mostly relevant if unknown userspace application= s may +be run by untrusted users. + +*mitigate_user_kernel defaults to 'on'* + +.. 
_user_user: + +User-to-User +^^^^^^^^^^^^ + +The user-to-user attack vector involves a malicious userspace program atte= mpting +to influence the behavior of another unsuspecting userspace program in ord= er to +exfiltrate data. The vulnerability of a userspace program is based on the +program itself and the interfaces it provides. + +If no untrusted userspace applications are being run, consider disabling +user-to-user mitigations. + +Note that because the Linux kernel contains a mapping of all physical memo= ry, +preventing a malicious userspace program from leaking data from another +userspace program requires mitigating user-to-kernel attacks as well for +complete protection. + +*mitigate_user_user defaults to 'on'* + +.. _guest_host: + +Guest-to-Host +^^^^^^^^^^^^^ + +The guest-to-host attack vector involves a malicious VM attempting to leak +hypervisor data into the VM. The data involved may be limited, or may +potentially include all memory in the system, depending on the vulnerabili= ty +exploited. + +If no untrusted VMs are being run, consider disabling guest-to-host mitiga= tions. + +*mitigate_guest_host defaults to 'on' if KVM support is present* + +.. _guest_guest: + +Guest-to-Guest +^^^^^^^^^^^^^^ + +The guest-to-guest attack vector involves a malicious VM attempting to inf= luence +the behavior of another unsuspecting VM in order to exfiltrate data. The +vulnerability of a VM is based on the code inside the VM itself and the +interfaces it provides. + +If no untrusted VMs, or only a single VM is being run, consider disabling +guest-to-guest mitigations. + +Similar to the user-to-user attack vector, preventing a malicious VM from +leaking data from another VM requires mitigating guest-to-host attacks as = well +due to the Linux kernel phys map. + +*mitigate_guest_guest defaults to 'on' if KVM support is present* + +.. 
_cross_thread: + +Cross-Thread +^^^^^^^^^^^^ + +The cross-thread attack vector involves a malicious userspace program or +malicious VM either observing or attempting to influence the behavior of c= ode +running on the SMT sibling thread in order to exfiltrate data. + +Many cross-thread attacks can only be mitigated if SMT is disabled, which = will +result in reduced CPU core count and reduced performance. Enabling mitiga= tions +for the cross-thread attack vector may result in SMT being disabled, depen= ding +on the CPU vulnerabilities detected. + +*mitigate_cross_thread defaults to 'off'* + +Interactions with command-line options +-------------------------------------- + +The global 'mitigations=3Doff' command line takes precedence over all atta= ck +vector controls and will disable all mitigations. + +Vulnerability-specific controls (e.g. "retbleed=3Doff") take precedence ov= er all +attack vector controls. Mitigations for individual vulnerabilities may be +turned on or off via their command-line options regardless of the attack v= ector +controls. + +Summary of attack-vector mitigations +------------------------------------ + +When a vulnerability is mitigated due to an attack-vector control, the def= ault +mitigation option for that particular vulnerability is used. To use a dif= ferent +mitigation, please use the vulnerability-specific command line option. + +The table below summarizes which vulnerabilities are mitigated when differ= ent +attack vectors are enabled and assuming the CPU is vulnerable. 
+ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D +Vulnerability User-to-Kernel User-to-User Guest-to-Host Guest-to-Guest C= ross-Thread +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D +BHI X X +GDS X X X X = X +L1TF X = (Note 1) +MDS X X X X = (Note 1) +MMIO X X X X = (Note 1) +Meltdown X +Retbleed X X = (Note 2) +RFDS X X X X +Spectre_v1 X +Spectre_v2 X X +Spectre_v2_user X X +SRBDS X X X X +SRSO X X +SSB (Note 3) +TAA X X X X = (Note 1) +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D + +Notes: + 1 -- Disables SMT if cross-thread mitigations are selected and CPU is = vulnerable + + 2 -- Disables SMT if cross-thread mitigations are selected, CPU is vul= nerable, + and STIBP is not supported + + 3 -- Speculative store bypass is always enabled by default (no kernel + mitigation applied) unless overridden with spec_store_bypass_disable op= tion + +When an attack-vector is disabled (e.g., *mitigate_user_kernel=3Doff*), all +mitigations for the vulnerabilities listed in the above table are disabled, +unless mitigation is required for a different enabled attack-vector or a +mitigation is explicitly selected via a vulnerability-specific command line +option. diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/ad= min-guide/hw-vuln/index.rst index ff0b440ef2dc..1add4a0baeb0 100644 --- a/Documentation/admin-guide/hw-vuln/index.rst 
+++ b/Documentation/admin-guide/hw-vuln/index.rst 
@@ -9,6 +9,7 @@ are configurable at compile, boot or run time. .. toctree:: :maxdepth: 1 =20 + attack_vector_controls spectre l1tf mds --=20 2.34.1
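Review bot: The "Interactions with command-line options" section of the new attack_vector_controls.rst covers only 'mitigations=off' and the vulnerability-specific options, and says nothing about the existing SMT controls, even though the Cross-Thread section and Notes 1 and 2 state that mitigate_cross_thread can disable SMT. Please add a sentence on how mitigate_cross_thread combines with 'mitigations=auto,nosmt' and 'nosmt': which one wins, and whether mitigate_cross_thread=off leaves SMT enabled when one of those is also given. The "defaults to 'on' if KVM support is present" lines under Guest-to-Host and Guest-to-Guest should also say what "present" means (a build-time option or a runtime condition), since an administrator cannot tell from this text which default applies to their kernel.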
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 20/35] x86/bugs: Define attack vectors
Date: Wed, 8 Jan 2025 14:25:00 -0600
Message-ID: <20250108202515.385902-21-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Define 5 new attack vectors that are used for controlling CPU speculation mitigations and associated command line options. Each attack vector may be enabled or disabled, which affects the CPU mitigations enabled. The default settings for these attack vectors are consistent with existing kernel defaults, other than the automatic disabling of VM-based attack vectors if KVM support is not present. Signed-off-by: David Kaplan --- arch/x86/include/asm/bugs.h | 11 +++++++ arch/x86/kernel/cpu/bugs.c | 60 +++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/arch/x86/include/asm/bugs.h b/arch/x86/include/asm/bugs.h index f25ca2d709d4..354d04a964f0 100644 --- a/arch/x86/include/asm/bugs.h +++ b/arch/x86/include/asm/bugs.h @@ -12,4 +12,15 @@ static inline int ppro_with_ram_bug(void) { return 0; } =20 extern void cpu_bugs_smt_update(void); =20 +enum cpu_attack_vectors { + CPU_MITIGATE_USER_KERNEL, + CPU_MITIGATE_USER_USER, + CPU_MITIGATE_GUEST_HOST, + CPU_MITIGATE_GUEST_GUEST, + CPU_MITIGATE_CROSS_THREAD, + NR_CPU_ATTACK_VECTORS, +}; + +bool cpu_mitigate_attack_vector(enum cpu_attack_vectors v); + #endif /* _ASM_X86_BUGS_H */ diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index aee2945bdef9..88eba8e4c7fb 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -169,6 +169,66 @@ DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush); DEFINE_STATIC_KEY_FALSE(mmio_stale_data_clear); EXPORT_SYMBOL_GPL(mmio_stale_data_clear); =20 +#ifdef CONFIG_CPU_MITIGATIONS +/* + * All except the cross-thread attack vector are mitigated by default. + * Cross-thread mitigation often requires disabling SMT which is too expen= sive + * to be enabled by default. + * + * Guest-to-Host and Guest-to-Guest vectors are only needed if KVM support= is + * present. + */ +static bool cpu_mitigate_attack_vectors[NR_CPU_ATTACK_VECTORS] __ro_after_= init =3D { + [CPU_MITIGATE_USER_KERNEL] =3D true, + [CPU_MITIGATE_USER_USER] =3D true, + [CPU_MITIGATE_GUEST_HOST] =3D IS_ENABLED(CONFIG_KVM), + [CPU_MITIGATE_GUEST_GUEST] =3D IS_ENABLED(CONFIG_KVM), + [CPU_MITIGATE_CROSS_THREAD] =3D false +}; + +#define DEFINE_ATTACK_VECTOR(opt, v) \ + static int __init v##_parse_cmdline(char *arg) \ +{ \ + if (!strcmp(arg, "off")) \ + cpu_mitigate_attack_vectors[v] =3D false; \ + else if (!strcmp(arg, "on")) \ + cpu_mitigate_attack_vectors[v] =3D true; \ + else \ + pr_warn("Unsupported " opt "=3D%s\n", arg); \ + return 0; \ +} \ +early_param(opt, v##_parse_cmdline) + +bool cpu_mitigate_attack_vector(enum cpu_attack_vectors v) +{ + if (v < NR_CPU_ATTACK_VECTORS) + return cpu_mitigate_attack_vectors[v]; + + WARN_ON_ONCE(v >=3D NR_CPU_ATTACK_VECTORS); + return false; +} + +#else +#define DEFINE_ATTACK_VECTOR(opt, v) \ +static int __init v##_parse_cmdline(char *arg) \ +{ \ + pr_crit("Kernel compiled without mitigations, ignoring %s; system may sti= ll be vulnerable\n", opt); \ + return 0; \ +} \ +early_param(opt, v##_parse_cmdline) + +bool cpu_mitigate_attack_vector(enum cpu_attack_vectors v) +{ + return false; +} +#endif + +DEFINE_ATTACK_VECTOR("mitigate_user_kernel", CPU_MITIGATE_USER_KERNEL); +DEFINE_ATTACK_VECTOR("mitigate_user_user", CPU_MITIGATE_USER_USER); +DEFINE_ATTACK_VECTOR("mitigate_guest_host", CPU_MITIGATE_GUEST_HOST); +DEFINE_ATTACK_VECTOR("mitigate_guest_guest", 
CPU_MITIGATE_GUEST_GUEST); +DEFINE_ATTACK_VECTOR("mitigate_cross_thread", CPU_MITIGATE_CROSS_THREAD); + void __init cpu_select_mitigations(void) { /* --=20 2.34.1
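Review bot: in the CONFIG_CPU_MITIGATIONS variant of DEFINE_ATTACK_VECTOR, the generated v##_parse_cmdline() passes arg straight to strcmp(), but an early_param handler is called with a NULL arg when the option is given without "=value" (a bare mitigate_user_kernel, for instance), so that command line would dereference NULL during early boot. Please add a guard such as "if (!arg) return -EINVAL;" ahead of the two strcmp() calls. A smaller point in cpu_mitigate_attack_vector(): WARN_ON_ONCE(v >= NR_CPU_ATTACK_VECTORS) is only reached once that condition is already known to be true, so "if (WARN_ON_ONCE(v >= NR_CPU_ATTACK_VECTORS)) return false;" followed by the array lookup states the same check once. It would also help to say in the comment above the defaults table that IS_ENABLED(CONFIG_KVM) is a build-time test, so the guest vectors default to on whenever KVM is configured, whether or not any guest is ever run.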
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 21/35] x86/bugs: Determine relevant vulnerabilities based on attack vector controls.
Date: Wed, 8 Jan 2025 14:25:01 -0600
Message-ID: <20250108202515.385902-22-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

The function should_mitigate_vuln() defines which vulnerabilities should be mitigated based on the selected attack vector controls. The selections here are based on the individual characteristics of each vulnerability. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 69 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 88eba8e4c7fb..175dbbf9b06e 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -347,6 +347,75 @@ static void x86_amd_ssb_disable(void) wrmsrl(MSR_AMD64_LS_CFG, msrval); } =20 +/* + * Returns true if vulnerability should be mitigated based on the + * selected attack vector controls + * + * See Documentation/admin-guide/hw-vuln/attack_vector_controls.rst + */ +static bool __init should_mitigate_vuln(unsigned int bug) +{ + switch (bug) { + /* + * The only spectre_v1 mitigations in the kernel are related to + * SWAPGS protection on kernel entry. Therefore, protection is + * only required for the user->kernel attack vector. + */ + case X86_BUG_SPECTRE_V1: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL); + + /* + * Both spectre_v2 and srso may allow user->kernel or + * guest->host attacks through branch predictor manipulation. + */ + case X86_BUG_SPECTRE_V2: + case X86_BUG_SRSO: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST); + + /* + * spectre_v2_user refers to user->user or guest->guest branch + * predictor attacks only. Other indirect branch predictor attacks + * are covered by the spectre_v2 vulnerability. + */ + case X86_BUG_SPECTRE_V2_USER: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST); + + /* L1TF is only possible as a guest->host attack */ + case X86_BUG_L1TF: + return cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST); + + /* + * All the vulnerabilities below allow potentially leaking data + * across address spaces. Therefore, mitigation is required for + * any of these 4 attack vectors. 
+ */ + case X86_BUG_MDS: + case X86_BUG_TAA: + case X86_BUG_MMIO_STALE_DATA: + case X86_BUG_RFDS: + case X86_BUG_SRBDS: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST) || + cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST); + /* + * GDS can potentially leak data across address spaces and + * threads. Mitigation is required under all attack vectors. + */ + case X86_BUG_GDS: + return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST) || + cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) || + cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST) || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD); + default: + return false; + } +} + + /* Default mitigation for MDS-affected CPUs */ static enum mds_mitigations mds_mitigation __ro_after_init =3D IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_= OFF; --=20 2.34.1
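Review bot: the default: arm of should_mitigate_vuln() returns false, so any X86_BUG_* value passed in without its own case is silently treated as needing no mitigation under every attack vector setting. Because a missing case here turns a mitigation off rather than on, the default arm should be loud, for example "WARN(1, "Unknown bug %x\n", bug); return false;", so that a caller added later for a bug with no case is caught at boot instead of quietly running unmitigated. Two style points: the MDS/TAA/MMIO_STALE_DATA/RFDS/SRBDS return is not followed by the blank line that separates every other case from the next comment, and the hunk ends with two added blank lines before the existing "Default mitigation for MDS-affected CPUs" comment where one is enough.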
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 22/35] x86/bugs: Add attack vector controls for mds
Date: Wed, 8 Jan 2025 14:25:02 -0600
Message-ID: <20250108202515.385902-23-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Use attack vector controls to determine if mds mitigation is required. If cross-thread attack mitigations are required, disable SMT. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 175dbbf9b06e..298acb80d126 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -476,8 +476,12 @@ static void __init mds_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) mds_mitigation =3D MDS_MITIGATION_OFF; =20 - if (mds_mitigation =3D=3D MDS_MITIGATION_AUTO) - mds_mitigation =3D MDS_MITIGATION_FULL; + if (mds_mitigation =3D=3D MDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_MDS)) + mds_mitigation =3D MDS_MITIGATION_FULL; + else + mds_mitigation =3D MDS_MITIGATION_OFF; + } =20 if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) 
@@ -506,7 +510,8 @@ static void __init mds_apply_mitigation(void) if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) { setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) && - (mds_nosmt || cpu_mitigations_auto_nosmt())) + (mds_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD))) cpu_smt_disable(false); } } --=20 2.34.1
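Review bot: in mds_apply_mitigation() the new cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD) test sits inside the "mds_mitigation == MDS_MITIGATION_FULL" block, while the first hunk resolves AUTO to FULL only when should_mitigate_vuln(X86_BUG_MDS) is true, and that case in patch 21 looks at the user_kernel, guest_host, user_user and guest_guest vectors but not cross_thread. With mitigate_cross_thread=on and the other four vectors off, MDS therefore resolves to OFF and cpu_smt_disable() is never reached, even though the commit message says SMT is disabled when cross-thread mitigations are required. If cross-thread is meant to take effect only together with another vector, please say so in the commit message and in a comment at this condition; otherwise the selection logic needs to account for the cross-thread vector as well. The added condition also disables SMT when mds_mitigation was set to FULL explicitly and mds_nosmt is false, so it is worth documenting which of the two controls wins in that case.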
smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="yANz5s/t" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ZuKYPInK+41VxiGXJ7Jy9nVtr94wqz56UHFm8S910ObkXR2AwF9UO+u2Ku/Rxi6qluxiCE4mqet/iJo+Kc6QCW6NSDCAhliVjPmj/pLvCwEAvQ6hCpmBuL94fBuXCHecgyirKuIndt9y1fgj1mCtKgxrwr88ijpvFGXNaTFmhXY7032Uhr+0W69joKngItCaGggt6tvqwQfKk8Qf+bXSfWd6oXQ2Bm5S6qIEqUXcfpP7q6yD22AAIAazCLUiXAkLE09G5wU0vSPe96OZfTnbSltTdMns4hk5sLkBp6LMfIgCqyPpwUT+9vk+ObmdkCcekQMl9Vu9RMTZSDBn1o7J1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=40ysYLHE5ww0ypx6mYPVpVJpmLxPuV0bAyZy6lu2Qjo=; b=wZjUqvwyJhYcspMKi7AVvUUS68urZxpEcRs0EsEr+O0NojWlNrjT/Ik42YOdheNzUz8VB3xWvvDAX4y1BolCwDz4CuBi08UOqXzrudfEmyTQBem1ikZMJzvLP5OYRh5ss+da1E4OcdYhZep/1C7S2fryPcLG/vDwxgT4lueD2KcMFhLXqGOr5Z1yx9RDpxNze9yG2tFtb4emYd/TWYOoCePHe/xTpbGzNCx3Knp8VCOqV7k5vyG90lEVVvHgX0Irqqtd2hUqVWne7B5s/ewdotekJkTUL4LGPBROpvN01LPUDt2nAkfvfhpSOCPWo6TRWGBOSTDN00N1UNTBJNNMOQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=40ysYLHE5ww0ypx6mYPVpVJpmLxPuV0bAyZy6lu2Qjo=; b=yANz5s/t8b6axgrYe1ZJTovzBc9refBFyDvC5D1x4in64yGyMc7IbXgSnfh0tMUTReHW41O+mrA1ugmWRGYCHB9Y7OdNtF1NSb4JwWCvOos9xy57wXOizm16gT/lLt7bffGFh02BsFEFbFILXwpyJWjS5dhlWrD7VcGRTQmmQCo= Received: from BL0PR02CA0090.namprd02.prod.outlook.com (2603:10b6:208:51::31) by 
CH3PR12MB8402.namprd12.prod.outlook.com (2603:10b6:610:132::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.10; Wed, 8 Jan 2025 20:25:49 +0000 Received: from DS3PEPF000099DB.namprd04.prod.outlook.com (2603:10b6:208:51:cafe::4c) by BL0PR02CA0090.outlook.office365.com (2603:10b6:208:51::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8293.16 via Frontend Transport; Wed, 8 Jan 2025 20:25:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DB.mail.protection.outlook.com (10.167.17.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8335.7 via Frontend Transport; Wed, 8 Jan 2025 20:25:49 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 8 Jan 2025 14:25:48 -0600 
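Review bot: in mds_select_mitigation(), the new MDS_MITIGATION_AUTO block can now resolve to MDS_MITIGATION_OFF on a CPU that has X86_BUG_MDS with mitigations enabled, and nothing in the hunk documents that. Before this change AUTO always became MDS_MITIGATION_FULL once the first check had been passed. A short comment above `if (should_mitigate_vuln(X86_BUG_MDS))` saying that the AUTO choice now follows the enabled attack vectors would help anyone auditing why an affected part boots without the mitigation.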
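Review bot: in mds_apply_mitigation(), `cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)` is OR'ed in next to mds_nosmt under `mds_mitigation == MDS_MITIGATION_FULL`, so it takes effect whether FULL came from AUTO or was set explicitly. The select hunk consults should_mitigate_vuln() only in the AUTO case, so the two hunks treat an explicit setting differently: an explicit FULL without mds_nosmt now ends in cpu_smt_disable(false) whenever the cross-thread vector is on. If that is intended, say so in the commit message; if the vector controls are meant to steer only the AUTO default, the SMT decision needs the same restriction.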
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 23/35] x86/bugs: Add attack vector controls for taa
Date: Wed, 8 Jan 2025 14:25:03 -0600
Message-ID: <20250108202515.385902-24-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if taa mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 298acb80d126..af5aaa0397c7 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -572,8 +572,12 @@ static void __init taa_select_mitigation(void) return; =20 /* Microcode will be checked in taa_update_mitigation(). */ - if (taa_mitigation =3D=3D TAA_MITIGATION_AUTO) - taa_mitigation =3D TAA_MITIGATION_VERW; + if (taa_mitigation =3D=3D TAA_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_TAA)) + taa_mitigation =3D TAA_MITIGATION_VERW; + else + taa_mitigation =3D TAA_MITIGATION_OFF; + } =20 } =20 
@@ -620,7 +624,8 @@ static void __init taa_apply_mitigation(void) */ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF); =20 - if (taa_nosmt || cpu_mitigations_auto_nosmt()) + if (taa_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) cpu_smt_disable(false); } =20 --=20 2.34.1
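Review bot: in taa_select_mitigation(), the trailing context still shows an empty line between the closing `}` of the new AUTO block and the closing brace of the function. Patch 24/35 removes the equivalent empty line in mmio_select_mitigation() while making the same change, so drop it here as well to keep the two functions consistent.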
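Review bot: in taa_apply_mitigation(), the condition guarding cpu_smt_disable(false) gains `cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)`, but the commit message only says the controls decide whether the taa mitigation is required. The mds patch in this series states the SMT behaviour explicitly ("If cross-thread attack mitigations are required, disable SMT"); the same sentence belongs here, since disabling SMT is the change an operator is most likely to notice.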
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 24/35] x86/bugs: Add attack vector controls for mmio
Date: Wed, 8 Jan 2025 14:25:04 -0600
Message-ID: <20250108202515.385902-25-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vectors controls to determine if mmio mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index af5aaa0397c7..4249a1f1524c 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -676,9 +676,12 @@ static void __init mmio_select_mitigation(void) return; =20 /* Microcode will be checked in mmio_update_mitigation(). */ - if (mmio_mitigation =3D=3D MMIO_MITIGATION_AUTO) - mmio_mitigation =3D MMIO_MITIGATION_VERW; - + if (mmio_mitigation =3D=3D MMIO_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_MMIO_STALE_DATA)) + mmio_mitigation =3D MMIO_MITIGATION_VERW; + else + mmio_mitigation =3D MMIO_MITIGATION_OFF; + } } =20 static void __init mmio_update_mitigation(void) 
@@ -739,7 +742,8 @@ static void __init mmio_apply_mitigation(void) if (!(x86_arch_cap_msr & ARCH_CAP_FBSDP_NO)) static_branch_enable(&mds_idle_clear); =20 - if (mmio_nosmt || cpu_mitigations_auto_nosmt()) + if (mmio_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) cpu_smt_disable(false); } =20 --=20 2.34.1
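Review bot: in mmio_apply_mitigation(), this is the third place in the series where `cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)` is appended to a `*_nosmt || cpu_mitigations_auto_nosmt()` condition (after mds_apply_mitigation() and taa_apply_mitigation()). A small helper that combines cpu_mitigations_auto_nosmt() with the cross-thread check would keep the three SMT decisions from drifting apart when one of them is next edited. The commit message here also leaves out the SMT change, as in the taa patch.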
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 25/35] x86/bugs: Add attack vector controls for rfds
Date: Wed, 8 Jan 2025 14:25:05 -0600
Message-ID: <20250108202515.385902-26-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if rfds mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 4249a1f1524c..d9b12c706fc0 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -783,8 +783,12 @@ static void __init rfds_select_mitigation(void) if (rfds_mitigation =3D=3D RFDS_MITIGATION_OFF) return; =20 - if (rfds_mitigation =3D=3D RFDS_MITIGATION_AUTO) - rfds_mitigation =3D RFDS_MITIGATION_VERW; + if (rfds_mitigation =3D=3D RFDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_RFDS)) + rfds_mitigation =3D RFDS_MITIGATION_VERW; + else + rfds_mitigation =3D RFDS_MITIGATION_OFF; + } } =20 static void __init rfds_update_mitigation(void) --=20 2.34.1
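Review bot: in rfds_select_mitigation(), the AUTO block is the fourth copy of the same nested if/else that resolves AUTO to either the VERW-style mitigation or OFF from should_mitigate_vuln() (the others are in the mds, taa and mmio patches). Style point: a conditional expression, `rfds_mitigation = should_mitigate_vuln(X86_BUG_RFDS) ? RFDS_MITIGATION_VERW : RFDS_MITIGATION_OFF;`, keeps the braces out and makes the four sites easier to compare at a glance.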
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 26/35] x86/bugs: Add attack vector controls for srbds Date: Wed, 8 Jan 2025 14:25:06 -0600 Message-ID: <20250108202515.385902-27-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099E2:EE_|DM4PR12MB6229:EE_ X-MS-Office365-Filtering-Correlation-Id: a47df253-9e6c-471c-8e08-08dd3022a523 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|376014|7416014|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?6QAyCnF/U8DRH3hR72PITwgtCwhOxz+iPKEjxuRFQJ/Ze1M8jkGuhQxsIuHJ?= =?us-ascii?Q?v0UoZb5XLFeoPLYKhxTOAsIABZZPsD+ZD+B3U3ZAu5Iu7pBtHSkt2cwC0abU?= =?us-ascii?Q?xXB8akqZB2tBuKHotQedTKX2HEmUeThXK9polwVX18vXTZC1b5gSDEk58HXp?= =?us-ascii?Q?JB+K/jhszzeWLwyTwW0f3gcRGaLBFJKBR1NJRoynWT2lit6IdlspYDIabibD?= =?us-ascii?Q?zpNrvE58CJMoqF3hwQPSJS7itFJmRU60oq2NByXfFgtq54URbjPlo31QZsAJ?= =?us-ascii?Q?DT6LdLyPQ9xzUlwYxGD6Ojrgravu4mosBhizGPCtZsRNNfr+/y6VnP7tC2v+?= =?us-ascii?Q?8jYslkhaNfDsE2Kal8PX3sNvE3NmMtaqqgXNQqlDXMq78vaBUuGPizXjV+r2?= =?us-ascii?Q?lMWDhTZhylX/CdBDcw863WHVs4v5SjkYKYzGgYTZxxB/bC7TYBG0Yu4BHsHy?= =?us-ascii?Q?hgi5g29/6EfuFOwoYuV3EyrJSNpYSg+HRbvYZ2KUi0PjcQ9eltX863TvXsvD?= =?us-ascii?Q?nLAOBZ/Z70xVyZFLKr5wzatNhHT7XTjXprQ70t+OpFtqrrEdnxwpe5uF0S4Y?= =?us-ascii?Q?14wljd1GRCbERRZb6rSAXIgx6Gw5ETf1Ijs5vQte9D0k7rKpAnHP59a0jrfQ?= 
=?us-ascii?Q?/AUcbU1CFVgPGDy14lV45mc554cR7W0H/zr4XCjq6MvCrK6mUuSolfQa0qlf?= =?us-ascii?Q?rOhAO6UjAA66t7gRU4M8gjGRb5w4VJm60YCmrHa7BtTK8lweGYOz+F0PbuPC?= =?us-ascii?Q?zQgZUDA7VYOoWRyZqaXiYwzFrM0+05e0ZdrLoOGhdagGBlJ+B6se4kvPkSoC?= =?us-ascii?Q?w/1SSXpaE14TJH0YxFFw8IeQg7Dg6ctEzaLxRyywp7ABkcaZEcqcnAb0/ooY?= =?us-ascii?Q?/XdPUC5/iQ09jujrgyqi+m4/pqB6DTZ2cuZ0PNOeE6TX7NnZctsRE0+H3r9l?= =?us-ascii?Q?O4UVFyhLB9XvwtMA/a4iEQwFhBpA4jYOvujgOpTHxLxoumHrLQw28cqAKsAG?= =?us-ascii?Q?ZVfRfseboRRJREF3ROd4hm3IRavpc+sdIfFoGLBEYVJpo6+y5Gv8Z8hiOCVm?= =?us-ascii?Q?FypmcrMdjTDIKC9SFk9vlPfOmdOKkkRMUjyKZwpbIhhqX8aX+1KVhFzzMv3W?= =?us-ascii?Q?oG0H2Xiga4k8vX8cah3o2mAdePbEhqhW7Yir4LY2AKq9WoFHHYqcYSbLocxX?= =?us-ascii?Q?1JRUQx/WNVH8BQggeUU3VZLnfdFILG9KiRbxJdS5NeluEYJG9E+2jzeHCeZ1?= =?us-ascii?Q?bVSz/wE/QcpF4v6AFMNjpRoxb/1eWfT6oUCq//kTcl0TsfOD7KF7G5Q9h0BO?= =?us-ascii?Q?bHGq1Eb+tBH/TpgZEo+MKxM6mwjwHxrD3iuKjEQfm98TbFl4Zi7r825smQKW?= =?us-ascii?Q?840mVtxC61DG2qAW+Eade+I+CNewE5k1UsudPst5gF6MAaXgAQ7l/Ivpb9+K?= =?us-ascii?Q?Psy811jwkV6ire31io+amcVA3/2evW4jH9aNgppBnroh1a2O2+rEMAwHnfkO?= =?us-ascii?Q?axM5kqa97p5c45Y=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(376014)(7416014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2025 20:25:51.2976 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a47df253-9e6c-471c-8e08-08dd3022a523 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6229 
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if srbds mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d9b12c706fc0..c6b395608c3f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -897,8 +897,14 @@ static void __init srbds_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_SRBDS)) return; =20 - if (srbds_mitigation =3D=3D SRBDS_MITIGATION_AUTO) - srbds_mitigation =3D SRBDS_MITIGATION_FULL; + if (srbds_mitigation =3D=3D SRBDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_SRBDS)) + srbds_mitigation =3D SRBDS_MITIGATION_FULL; + else { + srbds_mitigation =3D SRBDS_MITIGATION_OFF; + return; + } + } =20 /* * Check to see if this is one of the MDS_NO systems supporting TSX that --=20 2.34.1
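Review bot: In the new else arm of srbds_select_mitigation(), the `return` leaves the function before the MDS_NO/TSX check that the trailing context comment introduces, whereas any value other than SRBDS_MITIGATION_AUTO, including an explicitly chosen off, still runs through that code. If the intent is only to pick a default, setting SRBDS_MITIGATION_OFF and falling through would keep a single path for the off state; otherwise the commit message should say why the early exit is needed. On style, the kernel coding style asks for braces on both arms once one arm needs them, so the `if (should_mitigate_vuln(X86_BUG_SRBDS))` arm should be braced as well. The one-line commit message also does not say which attack vectors make should_mitigate_vuln() report that SRBDS needs mitigating.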
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 27/35] x86/bugs: Add attack vector controls for gds Date: Wed, 8 Jan 2025 14:25:07 -0600 Message-ID: <20250108202515.385902-28-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if gds mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index c6b395608c3f..9c9299b988d1 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1058,8 +1058,14 @@ static void __init gds_select_mitigation(void) gds_mitigation =3D GDS_MITIGATION_OFF; /* Will verify below that mitigation _can_ be disabled */ =20 - if (gds_mitigation =3D=3D GDS_MITIGATION_AUTO) - gds_mitigation =3D GDS_MITIGATION_FULL; + if (gds_mitigation =3D=3D GDS_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_GDS)) + gds_mitigation =3D GDS_MITIGATION_FULL; + else { + gds_mitigation =3D GDS_MITIGATION_OFF; + return; + } + } =20 /* No microcode */ if (!(x86_arch_cap_msr & ARCH_CAP_GDS_CTRL)) { --=20 2.34.1
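Review bot: The new else arm in gds_select_mitigation() sets GDS_MITIGATION_OFF and returns at once, but the context line just above the hunk assigns the same value with the comment "Will verify below that mitigation _can_ be disabled", so the attack-vector path skips the verification that the existing off path relies on. Dropping the `return` and letting the code fall through to the "No microcode" check and what follows would treat both off cases the same; if the early return is deliberate, a comment should explain why the verification is not needed here. As in the srbds patch, the `if (should_mitigate_vuln(X86_BUG_GDS))` arm should carry braces to match the braced else.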
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 28/35] x86/bugs: Add attack vector controls for spectre_v1 Date: Wed, 8 Jan 2025 14:25:08 -0600 Message-ID: <20250108202515.385902-29-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if spectre_v1 mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 9c9299b988d1..41c8a9dad411 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1172,6 +1172,9 @@ static void __init spectre_v1_select_mitigation(void) { if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) spectre_v1_mitigation =3D SPECTRE_V1_MITIGATION_NONE; + + if (!should_mitigate_vuln(X86_BUG_SPECTRE_V1)) + spectre_v1_mitigation =3D SPECTRE_V1_MITIGATION_NONE; } =20 static void __init spectre_v1_apply_mitigation(void) --=20 2.34.1
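Review bot: The added `if (!should_mitigate_vuln(X86_BUG_SPECTRE_V1))` in spectre_v1_select_mitigation() repeats the assignment of the statement directly above it, so the two tests can be one condition, `if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off() || !should_mitigate_vuln(X86_BUG_SPECTRE_V1))`, which also avoids calling should_mitigate_vuln() when the first test has already decided the result. Unlike the srbds and gds patches, this override is not limited to an AUTO setting; the commit message should state that this is intended and which attack vectors apply to spectre_v1.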
From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 29/35] x86/bugs: Add attack vector controls for retbleed Date: Wed, 8 Jan 2025 14:25:09 -0600 Message-ID: <20250108202515.385902-30-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if retbleed mitigation is required. Disable SMT if cross-thread protection is desired and STIBP is not available. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 41c8a9dad411..430f89a5f66a 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1331,13 +1331,17 @@ static void __init retbleed_select_mitigation(void) } =20 if (retbleed_mitigation =3D=3D RETBLEED_MITIGATION_AUTO) { - if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || - boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON) { - if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) - retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; - else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY) && - boot_cpu_has(X86_FEATURE_IBPB)) - retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; + if (should_mitigate_vuln(X86_BUG_RETBLEED)) { + if (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD || + boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_HYGON) { + if (IS_ENABLED(CONFIG_MITIGATION_UNRET_ENTRY)) + retbleed_mitigation =3D RETBLEED_MITIGATION_UNRET; + else if (IS_ENABLED(CONFIG_MITIGATION_IBPB_ENTRY) && + boot_cpu_has(X86_FEATURE_IBPB)) + retbleed_mitigation =3D RETBLEED_MITIGATION_IBPB; + } + } else { + retbleed_mitigation =3D RETBLEED_MITIGATION_NONE; } } } 
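Review bot: In retbleed_select_mitigation(), wrapping the existing AMD/Hygon block in if (should_mitigate_vuln(X86_BUG_RETBLEED)) re-indents seven unchanged lines only to add one else arm. Testing the negative case first, setting RETBLEED_MITIGATION_NONE when !should_mitigate_vuln(X86_BUG_RETBLEED) and continuing with else if on the vendor check, keeps the vendor block at its current depth and makes the change easier to audit. When should_mitigate_vuln() is true on a part that is neither X86_VENDOR_AMD nor X86_VENDOR_HYGON, retbleed_mitigation is still left at RETBLEED_MITIGATION_AUTO as before; a one-line comment saying that is intentional would help now that the other path resolves AUTO to NONE.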
@@ -1438,7 +1442,8 @@ static void __init retbleed_apply_mitigation(void) } =20 if (mitigate_smt && !boot_cpu_has(X86_FEATURE_STIBP) && - (retbleed_nosmt || cpu_mitigations_auto_nosmt())) + (retbleed_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD))) cpu_smt_disable(false); =20 } --=20 2.34.1
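Review bot: The added cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD) term in retbleed_apply_mitigation() makes cpu_smt_disable(false) reachable without either of the explicit opt-ins the condition required before (retbleed_nosmt or cpu_mitigations_auto_nosmt()). The commit message mentions this, but the hunk does not show whether the cross-thread vector is selected by default, so a comment at this condition, and the documentation for the cross-thread control, should state that selecting it can turn SMT off on parts without X86_FEATURE_STIBP.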
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 30/35] x86/bugs: Add attack vector controls for spectre_v2_user
Date: Wed, 8 Jan 2025 14:25:10 -0600
Message-ID: <20250108202515.385902-31-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if spectre_v2_user mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 430f89a5f66a..c1b60ffa3218 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -1614,6 +1614,13 @@ spectre_v2_user_select_mitigation(void) spectre_v2_user_stibp =3D SPECTRE_V2_USER_STRICT; break; case SPECTRE_V2_USER_CMD_AUTO: + if (should_mitigate_vuln(X86_BUG_SPECTRE_V2_USER)) { + spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; + spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; + } else { + return; + } + break; case SPECTRE_V2_USER_CMD_PRCTL: spectre_v2_user_ibpb =3D SPECTRE_V2_USER_PRCTL; spectre_v2_user_stibp =3D SPECTRE_V2_USER_PRCTL; --=20 2.34.1
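Review bot: The new SPECTRE_V2_USER_CMD_AUTO arm duplicates the two SPECTRE_V2_USER_PRCTL assignments that the SPECTRE_V2_USER_CMD_PRCTL case directly below already performs, and which AUTO reached by fall-through before this change. Keeping the fall-through and adding only the negative test, if (!should_mitigate_vuln(X86_BUG_SPECTRE_V2_USER)) return; followed by fallthrough;, removes the copy. The early return also skips everything after the switch in spectre_v2_user_select_mitigation(), so the commit message should say that this is intended and that spectre_v2_user_ibpb and spectre_v2_user_stibp stay at their initial values in that case.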
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 31/35] x86/bugs: Add attack vector controls for bhi
Date: Wed, 8 Jan 2025 14:25:11 -0600
Message-ID: <20250108202515.385902-32-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" There are two BHI mitigations, one for SYSCALL and one for VMEXIT. Split these up so they can be selected individually based on attack vector. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index c1b60ffa3218..57c762d86fca 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1945,8 +1945,9 @@ static bool __init spec_ctrl_bhi_dis(void) enum bhi_mitigations { BHI_MITIGATION_OFF, BHI_MITIGATION_AUTO, - BHI_MITIGATION_ON, - BHI_MITIGATION_VMEXIT_ONLY, + BHI_MITIGATION_FULL, + BHI_MITIGATION_VMEXIT, + BHI_MITIGATION_SYSCALL }; =20 static enum bhi_mitigations bhi_mitigation __ro_after_init =3D @@ -1960,9 +1961,9 @@ static int __init spectre_bhi_parse_cmdline(char *str) if (!strcmp(str, "off")) bhi_mitigation =3D BHI_MITIGATION_OFF; else if (!strcmp(str, "on")) - bhi_mitigation =3D BHI_MITIGATION_ON; + bhi_mitigation =3D BHI_MITIGATION_FULL; else if (!strcmp(str, "vmexit")) - bhi_mitigation =3D BHI_MITIGATION_VMEXIT_ONLY; + bhi_mitigation =3D BHI_MITIGATION_VMEXIT; else pr_err("Ignoring unknown spectre_bhi option (%s)", str); =20 
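Review bot: spectre_bhi_parse_cmdline() still accepts only "off", "on" and "vmexit", so the new BHI_MITIGATION_SYSCALL state cannot be requested with spectre_bhi= and is reachable only through the BHI_MITIGATION_AUTO selection. Either add a matching option string or say in the commit message and the parameter documentation that syscall-only clearing is deliberately not selectable on the command line. As a style point in the enum hunk above it, the new last enumerator BHI_MITIGATION_SYSCALL lacks the trailing comma the other entries carry.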
@@ -1975,8 +1976,17 @@ static void __init bhi_select_mitigation(void) if (!boot_cpu_has(X86_BUG_BHI) || cpu_mitigations_off()) bhi_mitigation =3D BHI_MITIGATION_OFF; =20 - if (bhi_mitigation =3D=3D BHI_MITIGATION_AUTO) - bhi_mitigation =3D BHI_MITIGATION_ON; + if (bhi_mitigation =3D=3D BHI_MITIGATION_AUTO) { + if (cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL)) { + if (cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST)) + bhi_mitigation =3D BHI_MITIGATION_FULL; + else + bhi_mitigation =3D BHI_MITIGATION_SYSCALL; + } else if (cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST)) + bhi_mitigation =3D BHI_MITIGATION_VMEXIT; + else + bhi_mitigation =3D BHI_MITIGATION_OFF; + } } =20 static void __init bhi_apply_mitigation(void) 
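Review bot: In the BHI_MITIGATION_AUTO block of bhi_select_mitigation(), the first if arm is braced while the else if and else arms that follow its closing brace are not; kernel coding style wants braces on every arm once one of them needs them. The nested form would also read more directly as a flat four-way decision on the two cpu_mitigate_attack_vector() results for CPU_MITIGATE_USER_KERNEL and CPU_MITIGATE_GUEST_HOST, which map one-to-one onto BHI_MITIGATION_FULL, BHI_MITIGATION_SYSCALL, BHI_MITIGATION_VMEXIT and BHI_MITIGATION_OFF.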
@@ -1999,15 +2009,19 @@ static void __init bhi_apply_mitigation(void) if (!IS_ENABLED(CONFIG_X86_64)) return; =20 - if (bhi_mitigation =3D=3D BHI_MITIGATION_VMEXIT_ONLY) { - pr_info("Spectre BHI mitigation: SW BHB clearing on VM exit only\n"); + /* Mitigate KVM if guest->host protection is desired */ + if (bhi_mitigation =3D=3D BHI_MITIGATION_FULL || + bhi_mitigation =3D=3D BHI_MITIGATION_VMEXIT) { setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT); - return; + pr_info("Spectre BHI mitigation: SW BHB clearing on VM exit\n"); } =20 - pr_info("Spectre BHI mitigation: SW BHB clearing on syscall and VM exit\n= "); - setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); - setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT); + /* Mitigate syscalls if user->kernel protection is desired */ + if (bhi_mitigation =3D=3D BHI_MITIGATION_FULL || + bhi_mitigation =3D=3D BHI_MITIGATION_SYSCALL) { + setup_force_cpu_cap(X86_FEATURE_CLEAR_BHB_LOOP); + pr_info("Spectre BHI mitigation: SW BHB clearing on syscall\n"); + } } =20 static void __init spectre_v2_select_mitigation(void) --=20 2.34.1
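Review bot: bhi_apply_mitigation() no longer emits the "SW BHB clearing on syscall and VM exit" and "SW BHB clearing on VM exit only" strings; with BHI_MITIGATION_FULL it now prints two separate pr_info() lines, and the VM-exit-only case loses the word "only". That changes the boot log for the existing spectre_bhi=on and spectre_bhi=vmexit settings and is not mentioned in the commit message, so anyone verifying mitigation state by matching the old text needs a note there.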
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 32/35] x86/bugs: Add attack vector controls for spectre_v2
Date: Wed, 8 Jan 2025 14:25:12 -0600
Message-ID: <20250108202515.385902-33-david.kaplan@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if spectre_v2 mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 57c762d86fca..662573ad3e51 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -2041,13 +2041,15 @@ static void __init spectre_v2_select_mitigation(voi= d) case SPECTRE_V2_CMD_NONE: return; =20 - case SPECTRE_V2_CMD_FORCE: case SPECTRE_V2_CMD_AUTO: + if (!should_mitigate_vuln(X86_BUG_SPECTRE_V2)) + break; + fallthrough; + case SPECTRE_V2_CMD_FORCE: if (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED)) { mode =3D SPECTRE_V2_EIBRS; break; } - mode =3D spectre_v2_select_retpoline(); break; =20 --=20 2.34.1
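Review bot: in the SPECTRE_V2_CMD_AUTO case, the new break taken when should_mitigate_vuln(X86_BUG_SPECTRE_V2) is false leaves the switch, while the SPECTRE_V2_CMD_NONE case directly above returns, so the code after the switch still runs with mode unchanged. If the two paths are meant to be equivalent, use return here as well; if the post-switch code must still run, a one-line comment saying so would help. Moving SPECTRE_V2_CMD_FORCE below the check so that it bypasses should_mitigate_vuln() is a behavioural detail that the one-line commit message should mention.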
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 33/35] x86/bugs: Add attack vector controls for l1tf
Date: Wed, 8 Jan 2025 14:25:13 -0600
Message-ID: <20250108202515.385902-34-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if l1tf mitigation is required. Disable SMT if cross-thread attack vector option is selected. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 662573ad3e51..2e3b4d768d6b 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -2780,10 +2780,15 @@ static void __init l1tf_select_mitigation(void) } =20 if (l1tf_mitigation =3D=3D L1TF_MITIGATION_AUTO) { - if (cpu_mitigations_auto_nosmt()) - l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; - else - l1tf_mitigation =3D L1TF_MITIGATION_FLUSH; + if (!should_mitigate_vuln(X86_BUG_L1TF)) + l1tf_mitigation =3D L1TF_MITIGATION_OFF; + else { + if (cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH_NOSMT; + else + l1tf_mitigation =3D L1TF_MITIGATION_FLUSH; + } } =20 } --=20 2.34.1
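Review bot: the added else { ... } in the L1TF_MITIGATION_AUTO block is paired with an unbraced if (!should_mitigate_vuln(X86_BUG_L1TF)) and wraps only a nested if/else; kernel coding style braces both branches when either needs them, and here the nesting can go away entirely by writing else if (cpu_mitigations_auto_nosmt() || cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) followed by a final else. Since CPU_MITIGATE_CROSS_THREAD now selects L1TF_MITIGATION_FLUSH_NOSMT without the user asking for nosmt, the admin-facing documentation for the attack vector options should say that selecting it disables SMT where L1TF is mitigated.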
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 34/35] x86/bugs: Add attack vector controls for srso
Date: Wed, 8 Jan 2025 14:25:14 -0600
Message-ID: <20250108202515.385902-35-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Use attack vector controls to determine if srso mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 2e3b4d768d6b..91e00d4de8df 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c 
@@ -2922,8 +2922,14 @@ static void __init srso_select_mitigation(void) if (srso_mitigation =3D=3D SRSO_MITIGATION_NONE) return; =20 - if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) - srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; + if (srso_mitigation =3D=3D SRSO_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_SRSO)) + srso_mitigation =3D SRSO_MITIGATION_SAFE_RET; + else { + srso_mitigation =3D SRSO_MITIGATION_NONE; + return; + } + } =20 if (has_microcode) { /* --=20 2.34.1
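Review bot: in the SRSO_MITIGATION_AUTO block, the else branch that sets SRSO_MITIGATION_NONE and returns duplicates the srso_mitigation == SRSO_MITIGATION_NONE early return in the context lines just above it. Resolving AUTO before that check would let the existing return cover both cases and drop the second exit path. If the block stays as is, brace the if branch too so it matches the braced else, and consider testing !should_mitigate_vuln(X86_BUG_SRSO) first, as the spectre_v2 and l1tf patches in this series do.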
From: David Kaplan
To: Thomas Gleixner, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf, Pawan Gupta, Ingo Molnar, Dave Hansen, "H . Peter Anvin"
Subject: [PATCH v3 35/35] x86/pti: Add attack vector controls for pti
Date: Wed, 8 Jan 2025 14:25:15 -0600
Message-ID: <20250108202515.385902-36-david.kaplan@amd.com>
In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com>
References: <20250108202515.385902-1-david.kaplan@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8" Disable PTI mitigation if user->kernel attack vector mitigations are disabled. Signed-off-by: David Kaplan --- arch/x86/mm/pti.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 5f0d579932c6..132840528d55 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -38,6 +38,7 @@ #include #include #include +#include =20 #undef pr_fmt #define pr_fmt(fmt) "Kernel/User page tables isolation: " fmt @@ -94,7 +95,8 @@ void __init pti_check_boottime_disable(void) if (pti_mode =3D=3D PTI_FORCE_ON) pti_print_if_secure("force enabled on command line."); =20 - if (pti_mode =3D=3D PTI_AUTO && !boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) + if (pti_mode =3D=3D PTI_AUTO && (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN) = || + !cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL))) return; =20 setup_force_cpu_cap(X86_FEATURE_PTI); --=20 2.34.1
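Review bot: in pti_check_boottime_disable(), the extended PTI_AUTO condition now returns without setting X86_FEATURE_PTI on a CPU that has X86_BUG_CPU_MELTDOWN whenever cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) is false, and it does so silently, unlike the force-on path just above, which logs through pti_print_if_secure(). Split the condition and print a message for the attack-vector case so the boot log records why PTI was left off on an affected part.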