[PATCH v4 20/36] x86/bugs: Determine relevant vulnerabilities based on attack vector controls.

David Kaplan posted 36 patches 11 months ago
[PATCH v4 20/36] x86/bugs: Determine relevant vulnerabilities based on attack vector controls.
Posted by David Kaplan 11 months ago
The function should_mitigate_vuln() defines which vulnerabilities should
be mitigated based on the selected attack vector controls.  The
selections here are based on which attack vectors each individual
vulnerability exposes.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
 arch/x86/kernel/cpu/bugs.c | 55 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index d48b0a941b2d..2323bfbcd694 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -300,6 +300,61 @@ static void x86_amd_ssb_disable(void)
 #undef pr_fmt
 #define pr_fmt(fmt)	"MDS: " fmt
 
+/*
+ * Returns true if vulnerability should be mitigated based on the
+ * selected attack vector controls.
+ *
+ * See Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
+ */
+static bool __init should_mitigate_vuln(unsigned int bug)
+{
+	switch (bug) {
+	/*
+	 * The only runtime-selected spectre_v1 mitigations in the kernel are
+	 * related to SWAPGS protection on kernel entry.  Therefore, protection
+	 * is only required for the user->kernel attack vector.
+	 */
+	case X86_BUG_SPECTRE_V1:
+		return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL);
+
+	case X86_BUG_SPECTRE_V2:
+	case X86_BUG_RETBLEED:
+	case X86_BUG_SRSO:
+	case X86_BUG_L1TF:
+		return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST);
+
+	case X86_BUG_SPECTRE_V2_USER:
+		return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST);
+
+	/*
+	 * All the vulnerabilities below allow potentially leaking data
+	 * across address spaces.  Therefore, mitigation is required for
+	 * any of these 4 attack vectors.
+	 */
+	case X86_BUG_MDS:
+	case X86_BUG_TAA:
+	case X86_BUG_MMIO_STALE_DATA:
+	case X86_BUG_RFDS:
+	case X86_BUG_SRBDS:
+		return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST);
+
+	case X86_BUG_GDS:
+		return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) ||
+		       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST) ||
+		       (smt_mitigations != SMT_MITIGATIONS_OFF);
+	default:
+		WARN(1, "Unknown bug %x\n", bug);
+		return false;
+	}
+}
+
 /* Default mitigation for MDS-affected CPUs */
 static enum mds_mitigations mds_mitigation __ro_after_init =
 	IS_ENABLED(CONFIG_MITIGATION_MDS) ? MDS_MITIGATION_AUTO : MDS_MITIGATION_OFF;
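Review bot: The `default:` arm of should_mitigate_vuln() fails open: an X86_BUG_* value with no case here (e.g. one added to cpufeatures later without a matching entry) gets a WARN and `return false`, which the callers presumably read as "do not mitigate". For a function that gates security mitigations the safe fallback is to mitigate, so I would keep the WARN but change the fallback to `return true;` and state that in the header comment, e.g. `* Unknown bugs are mitigated (fail closed); add a case here rather than relying on the default.` A lesser point: X86_BUG_L1TF is grouped with the user->kernel vector, but the runtime-selectable L1TF controls appear to cover the VMX L1D flush and SMT handling, i.e. guest->host, while the user->kernel PTE inversion is not switched by any parameter; if grouping L1TF with USER_KERNEL is intentional it deserves a comment like the one above the SPECTRE_V1 case, otherwise it could be `return cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST);` on its own.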
-- 
2.34.1
Re: [PATCH v4 20/36] x86/bugs: Determine relevant vulnerabilities based on attack vector controls.
Posted by kernel test robot 11 months ago
Hi David,

kernel test robot noticed the following build errors:

[auto build test ERROR on tip/master]
[cannot apply to tip/x86/core linus/master tip/auto-latest tip/smp/core v6.14-rc6 next-20250311]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/David-Kaplan/x86-bugs-Restructure-mds-mitigation/20250311-005151
base:   tip/master
patch link:    https://lore.kernel.org/r/20250310164023.779191-21-david.kaplan%40amd.com
patch subject: [PATCH v4 20/36] x86/bugs: Determine relevant vulnerabilities based on attack vector controls.
config: x86_64-allnoconfig (https://download.01.org/0day-ci/archive/20250312/202503121906.IF0k61bY-lkp@intel.com/config)
compiler: clang version 19.1.7 (https://github.com/llvm/llvm-project cd708029e0b2869e80abe31ddb175f7c35361f90)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250312/202503121906.IF0k61bY-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202503121906.IF0k61bY-lkp@intel.com/

All errors (new ones prefixed by >>):

>> arch/x86/kernel/cpu/bugs.c:351:11: error: use of undeclared identifier 'smt_mitigations'; did you mean 'l1tf_mitigation'?
     351 |                        (smt_mitigations != SMT_MITIGATIONS_OFF);
         |                         ^~~~~~~~~~~~~~~
         |                         l1tf_mitigation
   arch/x86/include/asm/processor.h:745:30: note: 'l1tf_mitigation' declared here
     745 | extern enum l1tf_mitigations l1tf_mitigation;
         |                              ^
   arch/x86/kernel/cpu/bugs.c:1561:7: warning: variable 'smt_possible' set but not used [-Wunused-but-set-variable]
    1561 |         bool smt_possible = IS_ENABLED(CONFIG_SMP);
         |              ^
   1 warning and 1 error generated.


vim +351 arch/x86/kernel/cpu/bugs.c

   302	
   303	/*
   304	 * Returns true if vulnerability should be mitigated based on the
   305	 * selected attack vector controls.
   306	 *
   307	 * See Documentation/admin-guide/hw-vuln/attack_vector_controls.rst
   308	 */
   309	static bool __init should_mitigate_vuln(unsigned int bug)
   310	{
   311		switch (bug) {
   312		/*
   313		 * The only runtime-selected spectre_v1 mitigations in the kernel are
   314		 * related to SWAPGS protection on kernel entry.  Therefore, protection
   315		 * is only required for the user->kernel attack vector.
   316		 */
   317		case X86_BUG_SPECTRE_V1:
   318			return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL);
   319	
   320		case X86_BUG_SPECTRE_V2:
   321		case X86_BUG_RETBLEED:
   322		case X86_BUG_SRSO:
   323		case X86_BUG_L1TF:
   324			return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) ||
   325			       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST);
   326	
   327		case X86_BUG_SPECTRE_V2_USER:
   328			return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) ||
   329			       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST);
   330	
   331		/*
   332		 * All the vulnerabilities below allow potentially leaking data
   333		 * across address spaces.  Therefore, mitigation is required for
   334		 * any of these 4 attack vectors.
   335		 */
   336		case X86_BUG_MDS:
   337		case X86_BUG_TAA:
   338		case X86_BUG_MMIO_STALE_DATA:
   339		case X86_BUG_RFDS:
   340		case X86_BUG_SRBDS:
   341			return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) ||
   342			       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST) ||
   343			       cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) ||
   344			       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST);
   345	
   346		case X86_BUG_GDS:
   347			return cpu_mitigate_attack_vector(CPU_MITIGATE_USER_KERNEL) ||
   348			       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_HOST) ||
   349			       cpu_mitigate_attack_vector(CPU_MITIGATE_USER_USER) ||
   350			       cpu_mitigate_attack_vector(CPU_MITIGATE_GUEST_GUEST) ||
 > 351			       (smt_mitigations != SMT_MITIGATIONS_OFF);
   352		default:
   353			WARN(1, "Unknown bug %x\n", bug);
   354			return false;
   355		}
   356	}
   357	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki