diff options
Diffstat (limited to 'arch/x86/kernel/cpu/bugs.c')
| -rw-r--r-- | arch/x86/kernel/cpu/bugs.c | 235 | 
1 files changed, 199 insertions, 36 deletions
| diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index d879a6c93609..74c62cc47a5f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -41,8 +41,10 @@ static void __init spectre_v2_select_mitigation(void);  static void __init ssb_select_mitigation(void);  static void __init l1tf_select_mitigation(void);  static void __init mds_select_mitigation(void); -static void __init mds_print_mitigation(void); +static void __init md_clear_update_mitigation(void); +static void __init md_clear_select_mitigation(void);  static void __init taa_select_mitigation(void); +static void __init mmio_select_mitigation(void);  static void __init srbds_select_mitigation(void);  static void __init l1d_flush_select_mitigation(void); @@ -85,6 +87,10 @@ EXPORT_SYMBOL_GPL(mds_idle_clear);   */  DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush); +/* Controls CPU Fill buffer clear before KVM guest MMIO accesses */ +DEFINE_STATIC_KEY_FALSE(mmio_stale_data_clear); +EXPORT_SYMBOL_GPL(mmio_stale_data_clear); +  void __init check_bugs(void)  {  	identify_boot_cpu(); @@ -117,17 +123,10 @@ void __init check_bugs(void)  	spectre_v2_select_mitigation();  	ssb_select_mitigation();  	l1tf_select_mitigation(); -	mds_select_mitigation(); -	taa_select_mitigation(); +	md_clear_select_mitigation();  	srbds_select_mitigation();  	l1d_flush_select_mitigation(); -	/* -	 * As MDS and TAA mitigations are inter-related, print MDS -	 * mitigation until after TAA mitigation selection is done. -	 */ -	mds_print_mitigation(); -  	arch_smt_update();  #ifdef CONFIG_X86_32 @@ -267,14 +266,6 @@ static void __init mds_select_mitigation(void)  	}  } -static void __init mds_print_mitigation(void) -{ -	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) -		return; - -	pr_info("%s\n", mds_strings[mds_mitigation]); -} -  static int __init mds_cmdline(char *str)  {  	if (!boot_cpu_has_bug(X86_BUG_MDS)) @@ -329,7 +320,7 @@ static void __init taa_select_mitigation(void)  	/* TSX previously disabled by tsx=off */  	if (!boot_cpu_has(X86_FEATURE_RTM)) {  		taa_mitigation = TAA_MITIGATION_TSX_DISABLED; -		goto out; +		return;  	}  	if (cpu_mitigations_off()) { @@ -343,7 +334,7 @@ static void __init taa_select_mitigation(void)  	 */  	if (taa_mitigation == TAA_MITIGATION_OFF &&  	    mds_mitigation == MDS_MITIGATION_OFF) -		goto out; +		return;  	if (boot_cpu_has(X86_FEATURE_MD_CLEAR))  		taa_mitigation = TAA_MITIGATION_VERW; @@ -375,18 +366,6 @@ static void __init taa_select_mitigation(void)  	if (taa_nosmt || cpu_mitigations_auto_nosmt())  		cpu_smt_disable(false); - -	/* -	 * Update MDS mitigation, if necessary, as the mds_user_clear is -	 * now enabled for TAA mitigation. -	 */ -	if (mds_mitigation == MDS_MITIGATION_OFF && -	    boot_cpu_has_bug(X86_BUG_MDS)) { -		mds_mitigation = MDS_MITIGATION_FULL; -		mds_select_mitigation(); -	} -out: -	pr_info("%s\n", taa_strings[taa_mitigation]);  }  static int __init tsx_async_abort_parse_cmdline(char *str) @@ -411,6 +390,151 @@ static int __init tsx_async_abort_parse_cmdline(char *str)  early_param("tsx_async_abort", tsx_async_abort_parse_cmdline);  #undef pr_fmt +#define pr_fmt(fmt)	"MMIO Stale Data: " fmt + +enum mmio_mitigations { +	MMIO_MITIGATION_OFF, +	MMIO_MITIGATION_UCODE_NEEDED, +	MMIO_MITIGATION_VERW, +}; + +/* Default mitigation for Processor MMIO Stale Data vulnerabilities */ +static enum mmio_mitigations mmio_mitigation __ro_after_init = MMIO_MITIGATION_VERW; +static bool mmio_nosmt __ro_after_init = false; + +static const char * const mmio_strings[] = { +	[MMIO_MITIGATION_OFF]		= "Vulnerable", +	[MMIO_MITIGATION_UCODE_NEEDED]	= "Vulnerable: Clear CPU buffers attempted, no microcode", +	[MMIO_MITIGATION_VERW]		= "Mitigation: Clear CPU buffers", +}; + +static void __init mmio_select_mitigation(void) +{ +	u64 ia32_cap; + +	if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) || +	    cpu_mitigations_off()) { +		mmio_mitigation = MMIO_MITIGATION_OFF; +		return; +	} + +	if (mmio_mitigation == MMIO_MITIGATION_OFF) +		return; + +	ia32_cap = x86_read_arch_cap_msr(); + +	/* +	 * Enable CPU buffer clear mitigation for host and VMM, if also affected +	 * by MDS or TAA. Otherwise, enable mitigation for VMM only. +	 */ +	if (boot_cpu_has_bug(X86_BUG_MDS) || (boot_cpu_has_bug(X86_BUG_TAA) && +					      boot_cpu_has(X86_FEATURE_RTM))) +		static_branch_enable(&mds_user_clear); +	else +		static_branch_enable(&mmio_stale_data_clear); + +	/* +	 * If Processor-MMIO-Stale-Data bug is present and Fill Buffer data can +	 * be propagated to uncore buffers, clearing the Fill buffers on idle +	 * is required irrespective of SMT state. +	 */ +	if (!(ia32_cap & ARCH_CAP_FBSDP_NO)) +		static_branch_enable(&mds_idle_clear); + +	/* +	 * Check if the system has the right microcode. +	 * +	 * CPU Fill buffer clear mitigation is enumerated by either an explicit +	 * FB_CLEAR or by the presence of both MD_CLEAR and L1D_FLUSH on MDS +	 * affected systems. +	 */ +	if ((ia32_cap & ARCH_CAP_FB_CLEAR) || +	    (boot_cpu_has(X86_FEATURE_MD_CLEAR) && +	     boot_cpu_has(X86_FEATURE_FLUSH_L1D) && +	     !(ia32_cap & ARCH_CAP_MDS_NO))) +		mmio_mitigation = MMIO_MITIGATION_VERW; +	else +		mmio_mitigation = MMIO_MITIGATION_UCODE_NEEDED; + +	if (mmio_nosmt || cpu_mitigations_auto_nosmt()) +		cpu_smt_disable(false); +} + +static int __init mmio_stale_data_parse_cmdline(char *str) +{ +	if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) +		return 0; + +	if (!str) +		return -EINVAL; + +	if (!strcmp(str, "off")) { +		mmio_mitigation = MMIO_MITIGATION_OFF; +	} else if (!strcmp(str, "full")) { +		mmio_mitigation = MMIO_MITIGATION_VERW; +	} else if (!strcmp(str, "full,nosmt")) { +		mmio_mitigation = MMIO_MITIGATION_VERW; +		mmio_nosmt = true; +	} + +	return 0; +} +early_param("mmio_stale_data", mmio_stale_data_parse_cmdline); + +#undef pr_fmt +#define pr_fmt(fmt)     "" fmt + +static void __init md_clear_update_mitigation(void) +{ +	if (cpu_mitigations_off()) +		return; + +	if (!static_key_enabled(&mds_user_clear)) +		goto out; + +	/* +	 * mds_user_clear is now enabled. Update MDS, TAA and MMIO Stale Data +	 * mitigation, if necessary. +	 */ +	if (mds_mitigation == MDS_MITIGATION_OFF && +	    boot_cpu_has_bug(X86_BUG_MDS)) { +		mds_mitigation = MDS_MITIGATION_FULL; +		mds_select_mitigation(); +	} +	if (taa_mitigation == TAA_MITIGATION_OFF && +	    boot_cpu_has_bug(X86_BUG_TAA)) { +		taa_mitigation = TAA_MITIGATION_VERW; +		taa_select_mitigation(); +	} +	if (mmio_mitigation == MMIO_MITIGATION_OFF && +	    boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) { +		mmio_mitigation = MMIO_MITIGATION_VERW; +		mmio_select_mitigation(); +	} +out: +	if (boot_cpu_has_bug(X86_BUG_MDS)) +		pr_info("MDS: %s\n", mds_strings[mds_mitigation]); +	if (boot_cpu_has_bug(X86_BUG_TAA)) +		pr_info("TAA: %s\n", taa_strings[taa_mitigation]); +	if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) +		pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]); +} + +static void __init md_clear_select_mitigation(void) +{ +	mds_select_mitigation(); +	taa_select_mitigation(); +	mmio_select_mitigation(); + +	/* +	 * As MDS, TAA and MMIO Stale Data mitigations are inter-related, update +	 * and print their mitigation after MDS, TAA and MMIO Stale Data +	 * mitigation selection is done. +	 */ +	md_clear_update_mitigation(); +} + +#undef pr_fmt  #define pr_fmt(fmt)	"SRBDS: " fmt  enum srbds_mitigations { @@ -478,11 +602,13 @@ static void __init srbds_select_mitigation(void)  		return;  	/* -	 * Check to see if this is one of the MDS_NO systems supporting -	 * TSX that are only exposed to SRBDS when TSX is enabled. +	 * Check to see if this is one of the MDS_NO systems supporting TSX that +	 * are only exposed to SRBDS when TSX is enabled or when CPU is affected +	 * by Processor MMIO Stale Data vulnerability.  	 */  	ia32_cap = x86_read_arch_cap_msr(); -	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM)) +	if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM) && +	    !boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA))  		srbds_mitigation = SRBDS_MITIGATION_TSX_OFF;  	else if (boot_cpu_has(X86_FEATURE_HYPERVISOR))  		srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR; @@ -1116,6 +1242,8 @@ static void update_indir_branch_cond(void)  /* Update the static key controlling the MDS CPU buffer clear in idle */  static void update_mds_branch_idle(void)  { +	u64 ia32_cap = x86_read_arch_cap_msr(); +  	/*  	 * Enable the idle clearing if SMT is active on CPUs which are  	 * affected only by MSBDS and not any other MDS variant. @@ -1127,14 +1255,17 @@ static void update_mds_branch_idle(void)  	if (!boot_cpu_has_bug(X86_BUG_MSBDS_ONLY))  		return; -	if (sched_smt_active()) +	if (sched_smt_active()) {  		static_branch_enable(&mds_idle_clear); -	else +	} else if (mmio_mitigation == MMIO_MITIGATION_OFF || +		   (ia32_cap & ARCH_CAP_FBSDP_NO)) {  		static_branch_disable(&mds_idle_clear); +	}  }  #define MDS_MSG_SMT "MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.\n"  #define TAA_MSG_SMT "TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.\n" +#define MMIO_MSG_SMT "MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details.\n"  void cpu_bugs_smt_update(void)  { @@ -1179,6 +1310,16 @@ void cpu_bugs_smt_update(void)  		break;  	} +	switch (mmio_mitigation) { +	case MMIO_MITIGATION_VERW: +	case MMIO_MITIGATION_UCODE_NEEDED: +		if (sched_smt_active()) +			pr_warn_once(MMIO_MSG_SMT); +		break; +	case MMIO_MITIGATION_OFF: +		break; +	} +  	mutex_unlock(&spec_ctrl_mutex);  } @@ -1781,6 +1922,20 @@ static ssize_t tsx_async_abort_show_state(char *buf)  		       sched_smt_active() ? "vulnerable" : "disabled");  } +static ssize_t mmio_stale_data_show_state(char *buf) +{ +	if (mmio_mitigation == MMIO_MITIGATION_OFF) +		return sysfs_emit(buf, "%s\n", mmio_strings[mmio_mitigation]); + +	if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { +		return sysfs_emit(buf, "%s; SMT Host state unknown\n", +				  mmio_strings[mmio_mitigation]); +	} + +	return sysfs_emit(buf, "%s; SMT %s\n", mmio_strings[mmio_mitigation], +			  sched_smt_active() ? "vulnerable" : "disabled"); +} +  static char *stibp_state(void)  {  	if (spectre_v2_in_eibrs_mode(spectre_v2_enabled)) @@ -1881,6 +2036,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr  	case X86_BUG_SRBDS:  		return srbds_show_state(buf); +	case X86_BUG_MMIO_STALE_DATA: +		return mmio_stale_data_show_state(buf); +  	default:  		break;  	} @@ -1932,4 +2090,9 @@ ssize_t cpu_show_srbds(struct device *dev, struct device_attribute *attr, char *  {  	return cpu_show_common(dev, attr, buf, X86_BUG_SRBDS);  } + +ssize_t cpu_show_mmio_stale_data(struct device *dev, struct device_attribute *attr, char *buf) +{ +	return cpu_show_common(dev, attr, buf, X86_BUG_MMIO_STALE_DATA); +}  #endif | 
