From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 31 Oct 2019 21:01:05 -0000 Received: from youngberry.canonical.com ([91.189.89.112]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1iQHZ1-0000n2-VB for speck@linutronix.de; Thu, 31 Oct 2019 22:01:04 +0100 Received: from 162-237-133-238.lightspeed.rcsntx.sbcglobal.net ([162.237.133.238] helo=elm) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1iQHYv-0006n7-8R for speck@linutronix.de; Thu, 31 Oct 2019 21:00:57 +0000 Date: Thu, 31 Oct 2019 16:00:55 -0500 From: Tyler Hicks Subject: [MODERATED] Re: ***UNCHECKED*** Re: [PATCH v7 0/5] NX 0 Message-ID: <20191031210054.GG19327@elm> References: <1571902455-22638-1-git-send-email-pbonzini@redhat.com> <20191028160203.GB838@suse.de> MIME-Version: 1.0 In-Reply-To: <20191028160203.GB838@suse.de> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On 2019-10-28 17:02:03, speck for Joerg Roedel wrote: > Hi Thomas, > > On Mon, Oct 28, 2019 at 01:08:33PM +0100, speck for Thomas Gleixner wrote: > > I assume you send another version of these. The series massively conflicts > > with the merged TAA pile, so can you please rebase on top of that? > > The conflicts are only in the first patch, I resolved them and here is > the result: > > From 386176962dcbb8827804627dcc762f373a5c0269 Mon Sep 17 00:00:00 2001 > From: Pawan Gupta > Date: Mon, 28 Oct 2019 09:55:28 +0100 > Subject: [PATCH 1/5] x86: Add ITLB_MULTIHIT bug infrastructure > > Some processors may incur a machine check error possibly > resulting in an unrecoverable cpu hang when an instruction fetch > encounters a TLB multi-hit in the instruction TLB. This can occur > when the page size is changed along with either the physical > address or cache type [1]. > > This issue affects both bare-metal x86 page tables and EPT. > > This can be mitigated by either eliminating the use of large > pages or by using careful TLB invalidations when changing the > page size in the page tables. > > Just like Spectre, Meltdown, L1TF and MDS, a new bit has been > allocated in MSR_IA32_ARCH_CAPABILITIES (PSCHANGE_MC_NO) and will > be set on CPUs which are mitigated against this issue. > > [1] For example please refer to erratum SKL002 in "6th Generation > Intel Processor Family Specification Update" > https://www.intel.com/content/www/us/en/products/docs/processors/core/desktop-6th-gen-core-family-spec-update.html > https://www.google.com/search?q=site:intel.com+SKL002 > > There are a lot of other affected processors outside of Skylake and > that the erratum(referred above) does not fully disclose the issue > and the impact, both on Skylake and across all the affected CPUs. > > Signed-off-by: Vineela Tummalapalli > Co-developed-by: Pawan Gupta > Signed-off-by: Pawan Gupta > Signed-off-by: Paolo Bonzini > Signed-off-by: Joerg Roedel > --- > Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 7 +++ > arch/x86/kernel/cpu/bugs.c | 13 +++++ > arch/x86/kernel/cpu/common.c | 65 ++++++++++++---------- > drivers/base/cpu.c | 2 + > include/linux/cpu.h | 2 + > 7 files changed, 61 insertions(+), 30 deletions(-) > > diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu > index 0e77569bd5e0..fc20cde63d1e 100644 > --- a/Documentation/ABI/testing/sysfs-devices-system-cpu > +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu > @@ -487,6 +487,7 @@ What: /sys/devices/system/cpu/vulnerabilities > /sys/devices/system/cpu/vulnerabilities/l1tf > /sys/devices/system/cpu/vulnerabilities/mds > /sys/devices/system/cpu/vulnerabilities/tsx_async_abort > + /sys/devices/system/cpu/vulnerabilities/itlb_multihit > Date: January 2018 > Contact: Linux kernel mailing list > Description: Information about CPU vulnerabilities > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 989e03544f18..c4fbe379cc0b 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -400,5 +400,6 @@ > #define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */ > #define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */ > #define X86_BUG_TAA X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */ > +#define X86_BUG_ITLB_MULTIHIT X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */ > > #endif /* _ASM_X86_CPUFEATURES_H */ > diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h > index b3a8bb2af0b6..6a3124664289 100644 > --- a/arch/x86/include/asm/msr-index.h > +++ b/arch/x86/include/asm/msr-index.h > @@ -93,6 +93,13 @@ > * Microarchitectural Data > * Sampling (MDS) vulnerabilities. > */ > +#define ARCH_CAP_PSCHANGE_MC_NO BIT(6) /* > + * The processor is not susceptible to a > + * machine check error due to modifying the > + * code page size along with either the > + * physical address or cache type > + * without TLB invalidation. > + */ > #define ARCH_CAP_TSX_CTRL_MSR BIT(7) /* MSR for TSX control is available. */ > #define ARCH_CAP_TAA_NO BIT(8) /* > * Not susceptible to > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 43c647e19439..5364beda8c61 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -1419,6 +1419,11 @@ static ssize_t l1tf_show_state(char *buf) > } > #endif > > +static ssize_t itlb_multihit_show_state(char *buf) > +{ > + return sprintf(buf, "Processor vulnerable\n"); > +} > + > static ssize_t mds_show_state(char *buf) > { > if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { > @@ -1524,6 +1529,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr > case X86_BUG_TAA: > return tsx_async_abort_show_state(buf); > > + case X86_BUG_ITLB_MULTIHIT: > + return itlb_multihit_show_state(buf); > + > default: > break; > } > @@ -1565,4 +1573,9 @@ ssize_t cpu_show_tsx_async_abort(struct device *dev, struct device_attribute *at > { > return cpu_show_common(dev, attr, buf, X86_BUG_TAA); > } > + > +ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr, char *buf) > +{ > + return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT); > +} > #endif > diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c > index f8b8afc8f5b5..d29b71ca3ca7 100644 > --- a/arch/x86/kernel/cpu/common.c > +++ b/arch/x86/kernel/cpu/common.c > @@ -1016,13 +1016,14 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) > #endif > } > > -#define NO_SPECULATION BIT(0) > -#define NO_MELTDOWN BIT(1) > -#define NO_SSB BIT(2) > -#define NO_L1TF BIT(3) > -#define NO_MDS BIT(4) > -#define MSBDS_ONLY BIT(5) > -#define NO_SWAPGS BIT(6) > +#define NO_SPECULATION BIT(0) > +#define NO_MELTDOWN BIT(1) > +#define NO_SSB BIT(2) > +#define NO_L1TF BIT(3) > +#define NO_MDS BIT(4) > +#define MSBDS_ONLY BIT(5) > +#define NO_SWAPGS BIT(6) > +#define NO_ITLB_MULTIHIT BIT(7) > > #define VULNWL(_vendor, _family, _model, _whitelist) \ > { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } > @@ -1043,27 +1044,27 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { > VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION), > > /* Intel Family 6 */ > - VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION), > - VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION), > - VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION), > - VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION), > - VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION), > - > - VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), > - VULNWL_INTEL(ATOM_SILVERMONT_D, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), > - VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), > - VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), > - VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), > - VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), > + VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION | NO_ITLB_MULTIHIT), > + > + VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_SILVERMONT_D, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), > > VULNWL_INTEL(CORE_YONAH, NO_SSB), > > - VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY | NO_SWAPGS), > - VULNWL_INTEL(ATOM_AIRMONT_NP, NO_L1TF | NO_SWAPGS), > + VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_AIRMONT_NP, NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), > > - VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS), > - VULNWL_INTEL(ATOM_GOLDMONT_D, NO_MDS | NO_L1TF | NO_SWAPGS), > - VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS), > + VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_GOLDMONT_D, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), > > /* > * Technically, swapgs isn't serializing on AMD (despite it previously > @@ -1074,14 +1075,14 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { > */ > > /* AMD Family 0xf - 0x12 */ > - VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), > - VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), > - VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), > - VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), > + VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), > > /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ > - VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS), > - VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS), > + VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), > + VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), > {} > }; > > @@ -1106,6 +1107,10 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) > { > u64 ia32_cap = x86_read_arch_cap_msr(); > > + /* Set ITLB_MULTIHIT bug if cpu is not in the whitelist and not mitigated */ > + if (!cpu_matches(NO_ITLB_MULTIHIT) && !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO)) > + setup_force_cpu_bug(X86_BUG_ITLB_MULTIHIT); > + > if (cpu_matches(NO_SPECULATION)) > return; > > diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c > index 0fccd8c0312e..86f531fea9d0 100644 > --- a/drivers/base/cpu.c > +++ b/drivers/base/cpu.c I hate to make this thread more of a mess than it already is but I noticed that you dropped a hunk that shouldn't have been dropped. The following needs to be applied on top of this patch: diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 86f531fea9d0..7fbc022a235b 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -561,6 +561,12 @@ ssize_t __weak cpu_show_tsx_async_abort(struct device *dev, return sprintf(buf, "Not affected\n"); } +ssize_t __weak cpu_show_itlb_multihit(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "Not affected\n"); +} + static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); > @@ -568,6 +568,7 @@ static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL); > static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL); > static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL); > static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL); > +static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL); > > static struct attribute *cpu_root_vulnerabilities_attrs[] = { > &dev_attr_meltdown.attr, > @@ -577,6 +578,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = { > &dev_attr_l1tf.attr, > &dev_attr_mds.attr, > &dev_attr_tsx_async_abort.attr, > + &dev_attr_itlb_multihit.attr, > NULL > }; > > diff --git a/include/linux/cpu.h b/include/linux/cpu.h > index f35369f79771..2a093434e975 100644 > --- a/include/linux/cpu.h > +++ b/include/linux/cpu.h > @@ -62,6 +62,8 @@ extern ssize_t cpu_show_mds(struct device *dev, > extern ssize_t cpu_show_tsx_async_abort(struct device *dev, > struct device_attribute *attr, > char *buf); > +extern ssize_t cpu_show_itlb_multihit(struct device *dev, > + struct device_attribute *attr, char *buf); > > extern __printf(4, 5) > struct device *cpu_device_create(struct device *parent, void *drvdata, > -- > 2.16.4 >