[MODERATED] Re: [patch 1/8] [PATCH v1.3.1 1/7] Linux Patch 1

[Borislav Petkov <bp@suse.de>]

Lemme paste my comments from last time, now that the whole encrypted
mail thing and glue around it works. :)

On Thu, Apr 12, 2018 at 10:26:50PM -0400, speck for konrad.wilk_at_oracle.com wrote:
> x86/mdd: Expose the /sys/../md and BUG_MD
> 
> It does not do much except show the words 'Vulnerable'.
> 
> It assumes that Cyrix, Old Intel CPUs are immune to this.
> 
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> ---
> v3: Remove AMD
>     s/md/mdd/
> ---
>  arch/x86/include/asm/cpufeatures.h |  1 +
>  arch/x86/kernel/cpu/bugs.c         |  8 ++++++++
>  arch/x86/kernel/cpu/common.c       | 17 +++++++++++++++++
>  drivers/base/cpu.c                 |  8 ++++++++
>  include/linux/cpu.h                |  2 ++
>  5 files changed, 36 insertions(+)
> 
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index d554c11e01ff..4393c10fcc6f 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -362,5 +362,6 @@
>  #define X86_BUG_CPU_MELTDOWN		X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */
>  #define X86_BUG_SPECTRE_V1		X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */
>  #define X86_BUG_SPECTRE_V2		X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */
> +#define X86_BUG_CPU_MD			X86_BUG(17) /* CPU is affected by memory disambiguation. */
>  
>  #endif /* _ASM_X86_CPUFEATURES_H */
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index bfca937bdcc3..79dfc80c4b9c 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -340,4 +340,12 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c
>  		       boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
>  		       spectre_v2_module_string());
>  }
> +
> +ssize_t cpu_show_md(struct device *dev, struct device_attribute *attr, char *buf)
> +{
> +	if (!boot_cpu_has_bug(X86_BUG_CPU_MD))
> +		return sprintf(buf, "Not affected\n");
> +
> +	return sprintf(buf, "Vulnerable\n");
> +}

I guess those can be unified into a single function at some point -
otherwise we'll have one set per CPU bug and that could become unwieldy
at some point.

>  #endif
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index 348cf4821240..4cd1c95e21b2 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -935,6 +935,21 @@ static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c)
>  	return true;
>  }
>  
> +static const __initconst struct x86_cpu_id cpu_no_md[] = {
> +	{ X86_VENDOR_CENTAUR,	5 },
> +	{ X86_VENDOR_INTEL,	5 },
> +	{ X86_VENDOR_NSC,	5 },
> +	{ X86_VENDOR_ANY,	4 },
> +	{}
> +};
> +
> +static bool __init cpu_vulnerable_to_md(struct cpuinfo_x86 *c)
> +{
> +	if (x86_match_cpu(cpu_no_md))
> +		return false;
> +
> +	return true;
> +}

This too could be merged with cpu_vulnerable_to_meltdown() and made
into a common cpu_set_bug_bits() or so which goes through all those
x86_x86_id matching structures.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--