From nobody Fri Dec 19 19:04:22 2025 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2051.outbound.protection.outlook.com [40.107.220.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53BD8205E2E for ; Wed, 8 Jan 2025 20:25:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.51 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736367959; cv=fail; b=pjKtPsuPckPanW1YU0xb+2G/XLFM/7RCMOwnJdIzquxI81DQEQ1AWcJ8fYCAVVKbmKTOCO4EJWLf22Kd6RjMKJom5eut2N6DJiML5FfwcvuMlkAm98vGsk1jbuzrtp40XDIlGKQCZNpAdImOqTgJ8j0jiLV/oDg8gP2kokJTKmg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736367959; c=relaxed/simple; bh=vJbQLcKdtye4uHLS2GP3qsBaZys3PxMTusiv46cIS/E=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=CyLtr5coSBfCys3RgdJ9M3E/6x2eHhocGvAysP9Y7Ee8WwItUHWBoE+zdNALqTMZwvX76pHH1mmKOEQgpWR5D/gk+WRnkFfdapdx+fR0tmHoAgha3LtKCub3aJttNrVMCsTYa+ldcOkbNabSy2U0NuUmgJc1MtkL5rV8O4godnQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=rCJ2gN3D; arc=fail smtp.client-ip=40.107.220.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="rCJ2gN3D" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PeT7PxW9LFrp101qMeFyVfywqEg0ld1Cve65rM+lKnzJZgjHYIiisOU1JfZSSPG56F2HhwUG/kKWM41gngUF8oGa3fhPKlvQCJxckJ9q9vt7AfuDDKj/pLq0OF9uDnMAZPSk+EmpKbNEIcKTW4LMpA/wcBR/7dMFiA8KMSB9Jcp0oybVOkO1J0xHuZcm7CVjnvSDn3GmwKm/Cud2KXj6xaQJswaGccFa9YvgKOGQPIjR//gXAQ1tudq+/XMd35p43Jo0pT80STFzAcMLfY58+s/YL9pgqwOtGyIy7HvJYOq5qpUX7dyR/qYxtFF+GXD/q6wt/EtcZ8Oeqdg3kn7ZoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2B9fszAENe5j6qL2TJ5nL2oc+yqbQ5KiI9Kx3KR7o68=; b=nZz4aUbfSKo7ztPOb/yKJHsrR2eNksdPzd4jbyVRP2+DCk4Qf432sUdp2LpOOm6hZYR2s87nsyUMuziQN3jLMegYeIeeRbKTCpIOJJ3yjRH2wNBH0ZcjO5NOClcp6k94YZFqE/J0qEXjH8pPoun5y6ooKXfAbrBr8J++mL+67xY9tOxYy9MfTp/PoGzARuegSto23Lmx2TI+vGtf8QZo093C3eXyQ+JakUSSeKVIumONvm6HWbBmv4nZq+msfptUjpJjj7DBXFWGyYsha7Dn++lZoePf/DQq8uZah7YzDphFb9m2WXt55Y6orWzmqC0r51YtgNvdhOUjvx8TF0rGWg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=linutronix.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2B9fszAENe5j6qL2TJ5nL2oc+yqbQ5KiI9Kx3KR7o68=; b=rCJ2gN3DE1Epz5StqcxOBdnVgoacu7QpmXvTEy5+hvHpL/2HYrJHCmmzpFAE8TTsKxG2azH5BL5feGtFwgYnTqo6Pqg9CEvU7NgJC76seGwihbi9/bCzXW8tvHUlEYObtsYYjeDhVRYghL6E0T+lXo4LDOch+eTDiIgrBfh/m1c= Received: from SA9PR11CA0015.namprd11.prod.outlook.com (2603:10b6:806:6e::20) by SA3PR12MB8762.namprd12.prod.outlook.com (2603:10b6:806:31f::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8314.18; Wed, 8 Jan 2025 20:25:50 +0000 Received: from DS3PEPF000099E2.namprd04.prod.outlook.com (2603:10b6:806:6e:cafe::ff) by SA9PR11CA0015.outlook.office365.com (2603:10b6:806:6e::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8335.11 via Frontend Transport; Wed, 8 Jan 2025 20:25:50 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099E2.mail.protection.outlook.com (10.167.17.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8335.7 via Frontend Transport; Wed, 8 Jan 2025 20:25:49 +0000 Received: from tiny.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 8 Jan 2025 14:25:49 -0600 From: David Kaplan To: Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Ingo Molnar , Dave Hansen , , "H . Peter Anvin" CC: Subject: [PATCH v3 24/35] x86/bugs: Add attack vector controls for mmio Date: Wed, 8 Jan 2025 14:25:04 -0600 Message-ID: <20250108202515.385902-25-david.kaplan@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250108202515.385902-1-david.kaplan@amd.com> References: <20250108202515.385902-1-david.kaplan@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099E2:EE_|SA3PR12MB8762:EE_ X-MS-Office365-Filtering-Correlation-Id: 71e5ff5a-af64-4ae3-d360-08dd3022a445 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|7416014|376014|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?b3xODPrawireqbsI+GeN6o9ji9Nmo+Dm7HKwyyxRl8RbyNkgH6v8sfTdm+KP?= =?us-ascii?Q?9tsoPidlJ2uObBVq2g5p/367fEybLkIIJhEcOZsEXk+RhNqF8Lenvt3gRwlm?= =?us-ascii?Q?K22MfSu+Ma2O7jdFH6/H33LEZDBix/aXNy/FzRRYsTSdwVIPBRw0SUj1uqVU?= =?us-ascii?Q?7GPa99sgWxbdTaz0o6Ke/bYIIexyhIeJoQyDgNTTfK094RiVEljMVVZuEjAi?= =?us-ascii?Q?5/n6VTa3AZ9aTnAs/54X00IxN4aIrQyARowmT7nQ82qZ4PHulDjnLuVOn7ae?= =?us-ascii?Q?+ANUD3z7asnjkgRYX9xvZOxFmaaYVnC54P7sK22temzOEjJ1CD2O+JHeYHYC?= =?us-ascii?Q?luZD1R7m4bpicBpkNT7/K4tkLTe43qMQSjQPI/C57MkXNHtysy/0IWo1bmJb?= =?us-ascii?Q?xajTrYi+IbCAmxNbJvfDR4m/qmYSOf+qxt8Fzdl0shBavSw5qccDypYimGkN?= =?us-ascii?Q?y9PDhR+GtL+suXxqk+8JCooJefWm5beeTFxaUVCUp/2PpykcxuneaXaBqoNd?= =?us-ascii?Q?cUiaG32OolfAaQJ2YYgeYQW7IZNBPun19B8wHqKRVKBQu8HpchbOBmoRR4sZ?= =?us-ascii?Q?L6KYkSZ3ETOgmV6LztJxTJ7jgHz6n/VUdm4r+RCnro4INrlVuIaRkvFHHXRO?= =?us-ascii?Q?L22+sB75asp7o4FhENcwcAtYjH8oMxr1D248UiD1gQUuAkV5+ZnAXWggjv9A?= =?us-ascii?Q?Yb+S7WzaZG+0+2d10bFfCqf4mfHqi6LwO4fx7Ky8zAJSy3EiE+VrYXzTYILW?= =?us-ascii?Q?p7iTHu2yO2AfZrUzzXS+V1Pt85fsEPrdf3fXVmtgclislhYjCCOBmtBCvC1g?= =?us-ascii?Q?A4jC2Z0TPJTF25u2LM+my1BgwoUiUou4rEN+sxlovQ80fOiKfVmbkqN/ARMf?= =?us-ascii?Q?4IB5JaoVyzWbRbcVDHU6/mwTe8dGRJqvOfydSIhw5VcOqtcd2m/GVHhw5qXj?= =?us-ascii?Q?XCpI//niUH0ohTgV7Tbu80WG8Er31UDgLLlMnsoGkwJKRGAsISXQO73wY0NJ?= =?us-ascii?Q?+hZqSXMTYvF+ryR+fUnE9glFpewEqce1YNMnna850FAWC2ZIvZJWrjNvSPel?= =?us-ascii?Q?rdc8SrY79JiCAMs5LNxChzK/UaSdwXT2WsyvD4t/9VbmYYdsmqtH6IfmBPnA?= =?us-ascii?Q?k/XQHNgvFHilryCKXCP6soFeBL9iluZdMc/IL170Wbjn4YEtqON7AxwIS0B3?= =?us-ascii?Q?f6e/e62X29IQjtYo6q3WB3DtvrNEql7E7uenh5MkOEJ0DSZ8DrmXXo+bLe0g?= =?us-ascii?Q?jnYilgut5CXSFNKw+tgDbhGSBnEJWwlPtPdh8N03j86uI+hgZXUaFvlCtfW4?= =?us-ascii?Q?ucDvrchGj//VAHycg232MQYFUmtVUeWuxcAej4LjdiGseaF5sfFV4TbggE90?= =?us-ascii?Q?se40UjSavKfnuHBfHIBUFUfvbFu/0mRNzn5V+RFbUAcK/MYw2EpQ6CENHqqF?= =?us-ascii?Q?MnvcAn6oB9DlSgn7GrrnAl5Rn5PEGmu/rgRDUgrEAO+whL/2259iIi1U291N?= =?us-ascii?Q?j828DlW/aQdpQGM=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(7416014)(376014)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jan 2025 20:25:49.8445 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 71e5ff5a-af64-4ae3-d360-08dd3022a445 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB8762 Content-Type: text/plain; charset="utf-8" Use attack vectors controls to determine if mmio mitigation is required. Signed-off-by: David Kaplan --- arch/x86/kernel/cpu/bugs.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index af5aaa0397c7..4249a1f1524c 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -676,9 +676,12 @@ static void __init mmio_select_mitigation(void) return; =20 /* Microcode will be checked in mmio_update_mitigation(). */ - if (mmio_mitigation =3D=3D MMIO_MITIGATION_AUTO) - mmio_mitigation =3D MMIO_MITIGATION_VERW; - + if (mmio_mitigation =3D=3D MMIO_MITIGATION_AUTO) { + if (should_mitigate_vuln(X86_BUG_MMIO_STALE_DATA)) + mmio_mitigation =3D MMIO_MITIGATION_VERW; + else + mmio_mitigation =3D MMIO_MITIGATION_OFF; + } } =20 static void __init mmio_update_mitigation(void) @@ -739,7 +742,8 @@ static void __init mmio_apply_mitigation(void) if (!(x86_arch_cap_msr & ARCH_CAP_FBSDP_NO)) static_branch_enable(&mds_idle_clear); =20 - if (mmio_nosmt || cpu_mitigations_auto_nosmt()) + if (mmio_nosmt || cpu_mitigations_auto_nosmt() || + cpu_mitigate_attack_vector(CPU_MITIGATE_CROSS_THREAD)) cpu_smt_disable(false); } =20 --=20 2.34.1